Activity

30 days up to

User

Subprojects

Activity

From 04/23/2022 to 05/22/2022

05/22/2022

11:12 PM Regression #13193 (Resolved): Deleting a host entry fails to remove dummynet pipes: When removing an allowed host, pipes are not cleared that were added for the entry. This may only apply if the hostna... Reid Linnemann
10:55 PM Regression #13192 (Feedback): Default pipe rate limits are applied to allowed mac/ip/host entries: Applied in changeset commit:43bd2b88b7774bba0c54d2f02eb429bfafb8d235. Reid Linnemann
09:58 PM Regression #13192 (Assigned): Default pipe rate limits are applied to allowed mac/ip/host entries: Reid Linnemann
09:56 PM Regression #13192 (Resolved): Default pipe rate limits are applied to allowed mac/ip/host entries: When adding an allowed mac, ip, or host, if the up or down bandwidth are not specified and a default per user bandwid... Reid Linnemann
09:58 PM Regression #13191 (Assigned): Deleting a passthru mac entry fails to remove pf rules and dummynet pipes associated with the passthru mac: Reid Linnemann
06:50 PM Regression #13191 (Resolved): Deleting a passthru mac entry fails to remove pf rules and dummynet pipes associated with the passthru mac: When a passthru mac entry is deleted, the pipes associated with the entry are intended to be removed, followed by the... Reid Linnemann
06:45 PM Bug #13169 (Feedback): captiveportal_ether_delete_entry() does not delete anchors/pipes: passthru mac is a separate issue Reid Linnemann

05/21/2022

05:57 PM pfSense Packages Todo #13190: Update System_Patches package for pfSense+ 22.05: That's expected with those patches in 22.05. The system patches package should be updated for 22.05. Steve Wheeler
04:40 PM pfSense Packages Todo #13190: Update System_Patches package for pfSense+ 22.05: Fixed subject spelling error. Kris Phillips
04:38 PM pfSense Packages Todo #13190 (Closed): Update System_Patches package for pfSense+ 22.05: The System_Patches package shows patches "pre-applied" that are fixes from 22.01 going into 22.05. It also recommend... Kris Phillips
05:24 PM pfSense Packages Bug #13166 (Resolved): IPsec Export: Apple Profile generates invalid configuration: Now works correctly. Marcos M
04:57 PM Bug #12875: Import zabbix-agent6 and zabbix-proxy6 from FreeBSD Ports: FreshPorts has the 6.0.4 package upstream. We should pull this for the pfSense package:
https://www.freshports.or... Kris Phillips
04:55 PM Bug #4451: Status DHCP Leases shows double entries for static entries without IP address: This is still present in 22.01 and 22.05-BETA build from May 20th. Kris Phillips
01:00 PM pfSense Plus Todo #13189 (Resolved): Input validation should reject the combination of DCO and P2P mode: DCO has issues with OpenVPN's peer-to-peer mode (tunnel network /30-/32) and we should prevent that combination of se... Jim Pingle
07:51 AM Bug #13105 (Resolved): DNS Forwarder custom options may fail after save/restore when options are only separated by newline: Tested backing up a config file with (from the system running 2.7.0.a.20220520.0600) the following custom options in ... Danilo Zrenjanin

05/20/2022

07:32 PM Bug #12875: Import zabbix-agent6 and zabbix-proxy6 from FreeBSD Ports: *zabbix-agent6* (pfSense-pkg-zabbix-agent6) and *zabbix-proxy6* (pfSense-pkg-zabbix-proxy6) where added in https://gi... Clemens Bastian
05:49 PM Revision bfb06f9a: Revert "Destroy deleted/disabled IPsec SA. Fixes #13102": This appears to be causing a pileup of swanctl processes on systems with
a significant number of disabled tunnels.
T... Jim Pingle
03:08 PM Regression #13162: Upgrade does not work when using only IPv6 DNS servers: Updating subject for release notes. Jim Pingle
03:08 PM Regression #13176: UPnP port mappings cause kernel panic: Not a problem in a release, so excluding from release notes. Jim Pingle
03:07 PM Bug #13145: Per-user ``route`` files are not removed from ``/tmp`` when they are no longer needed: Updating subject for release notes. Jim Pingle
03:05 PM Feature #12809: Recover existing SSH keys during installation: Updating subject for release notes. Jim Pingle
09:16 AM Feature #12809 (Resolved): Recover existing SSH keys during installation: Works great on the latest snapshot Jim Pingle
03:05 PM Regression #12873: Hyper-V RSC support in ``hn(4)`` driver is enabled by default and results in very low throughput: Updating subject for release notes. Jim Pingle
03:04 PM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: Updating subject for release notes. Jim Pingle
01:07 PM Bug #13102 (New): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Jim Pingle
01:00 PM Bug #13102 (Feedback): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Applied in changeset commit:bfb06f9a27785f3c5164b44e004c3be9165f764e. Jim Pingle
12:55 PM Bug #13102 (New): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: I had to back the change in commit:d90552c59e51fb13c712b6a96a51ca2462424156 out for now. On systems with a lot of tun... Jim Pingle
11:40 AM pfSense Plus Feature #12546: Add 2FA Support to pfSense Plus Local Database Authentication: Hello,
This would be hugely helpful. Insurance companies are starting to require we implement 2FA across the board... Michael Pace
11:23 AM Bug #13188: states reset on all interfaces: Awesome, thank you! And sorry for posting a duplicate - I did try to search before. Alex Kolesnik
09:06 AM Bug #13188 (Duplicate): states reset on all interfaces: Already done on Plus 22.05/CE 2.7.0 snapshots. See #12092, #8555, and other related similar issues. Jim Pingle
09:01 AM Bug #13188 (Duplicate): states reset on all interfaces: Hi,
When a gateway goes down (in my case it's IPSEC VTI gateway) and "Flush all states when a gateway goes down" s... Alex Kolesnik
10:44 AM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: David G wrote in #note-6:
> The reported issue is known. The workaround is to add the following config.
> [ details o... Robert Hardy
09:52 AM pfSense Plus Regression #13183 (Confirmed): ZFS module is loaded on systems without ZFS: The Dashboard instance is fixed, but I also found another way it can happen: During upgrade
Run @pfSense-upgrade@ ... Jim Pingle
08:54 AM Bug #13060 (Resolved): Potential XSS from URL and URL Table alias URLs: No issues on current snapshots Jim Pingle
07:04 AM Regression #13182: Enabling /var as a RAM disks conflicts with ZFS: There are similar problem in 2017, in CE 2.4.0 version
https://forum.netgate.com/topic/109945/error-it-was-not-pos... Sergei Shablovsky
05:05 AM Regression #13182: Enabling /var as a RAM disks conflicts with ZFS: Sergei Shablovsky wrote in #note-2:
> Steve Wheeler wrote:
> > Disbaling RAM disks will not restore access.
>
> ... Sergei Shablovsky
05:00 AM Regression #13182: Enabling /var as a RAM disks conflicts with ZFS: Steve Wheeler wrote:
> Enabling /var as a RAM disk conflicts with existing mounts in ZFS systems.
>
> This most o... Sergei Shablovsky
06:59 AM Regression #13146 (Resolved): Captive Potal: Hosts remain connected after removing them from the table: Tested:... Danilo Zrenjanin
06:52 AM pfSense Docs Correction #13187 (Closed): Azure Frequently asked questions: https://docs.netgate.com/pfsense/en/latest/solutions/azure-appliance/faq.html#is-a-live-update-of-the-software-suppor... Danilo Zrenjanin
12:49 AM Revision 382f76bc: Remove orphaned ram disk backup script: Christian McDonald

05/19/2022

04:03 PM Feature #13125 (Resolved): Option to restore dashboard widget layout: Tested on... Christopher Cope
03:22 PM Regression #13059 (Resolved): Error when saving changes to a disabled OpenVPN client: Tested and fixed in... Christopher Cope
03:05 PM pfSense Docs Correction #13186: Help link on some pages doesn't lead to documents the user might expect: The wizard is always optional, even the first time. You can click the logo to skip it.
The switch bit isn't viable... Jim Pingle
02:08 PM pfSense Docs Correction #13186 (Resolved): Help link on some pages doesn't lead to documents the user might expect: I'm running a 2100 which I've updated and is the latest stable version (22.01) as of this writing.
Clicking the re... Geoff Hilton
01:37 PM Bug #13185 (Resolved): LDAP setup does not display 'Global Root CA List' option unless another CA also exists: When configuring an LDAPs authentication server that uses root CA signed certs, such as Google LDAP, you need to set ... Steve Wheeler
12:18 PM Bug #13184: pfSense 2.6.0 CE alias table not populated if entries contain at lease one FQDN: My issue has been solved: https://docs.netgate.com/pfsense/en/latest/troubleshooting/filterdns-thread-errors.html
... Tom Huerlimann
11:52 AM Bug #13184: pfSense 2.6.0 CE alias table not populated if entries contain at lease one FQDN: I'm sorry for the wrong wording and please excuse that i did not see that the other one is still confirmed.
I saw ... Tom Huerlimann
11:45 AM Bug #13184: pfSense 2.6.0 CE alias table not populated if entries contain at lease one FQDN: It was worded as a support question, not a bug report.
The issue you linked is still open, therefore this is redun... Jim Pingle
11:21 AM Bug #13184: pfSense 2.6.0 CE alias table not populated if entries contain at lease one FQDN: It‘s not a request for support, it‘s a request to fix a bug. Can you please mark it as a bug and increase priority as... Tom Huerlimann
11:14 AM Bug #13184 (Not a Bug): pfSense 2.6.0 CE alias table not populated if entries contain at lease one FQDN: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
11:04 AM Bug #13184 (Not a Bug): pfSense 2.6.0 CE alias table not populated if entries contain at lease one FQDN: Steps to reproduce
1. Login to pfsense WebGUI
2. Firewall > Aliases
3. Name = Test
4. Type = Host(s)
... Tom Huerlimann
12:03 PM Regression #13150: Captive Portal not applying per user bandwidths: This should be fixed by https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/87 , which changed pf etherne... Kristof Provost
11:15 AM Regression #12873 (Resolved): Hyper-V RSC support in ``hn(4)`` driver is enabled by default and results in very low throughput: Jim Pingle
11:12 AM Regression #12873: Hyper-V RSC support in ``hn(4)`` driver is enabled by default and results in very low throughput: This seems to work as expected.... Steve Wheeler
10:53 AM Feature #12809 (Feedback): Recover existing SSH keys during installation: Hopefully the last fix necessary: https://github.com/pfsense/FreeBSD-src/commit/2f579c0ea863e061339bce682259dddc7d27c... Jim Pingle
10:36 AM Feature #12809 (In Progress): Recover existing SSH keys during installation: The recover_configxml.sh part is working, I see the console message that it recovered the SSH keys. However, they are... Jim Pingle
10:13 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Same here, plase fix it. Tom Huerlimann
09:36 AM Bug #12633 (Resolved): Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect: I retested on the SG-5100 as a PPPoE client. It works as expected. After unplugging the cable from the PPPoE parent i... Danilo Zrenjanin
08:47 AM pfSense Plus Regression #13183: ZFS module is loaded on systems without ZFS: Looks good so far. Applied patch on a 1000 and 3100 and rebooted, logged back into the GUI and the module remained un... Jim Pingle
08:32 AM pfSense Plus Regression #13183 (Feedback): ZFS module is loaded on systems without ZFS: This should do it: https://gitlab.netgate.com/pfSense/factory/-/merge_requests/61 Christian McDonald
08:15 AM pfSense Plus Regression #13183 (Resolved): ZFS module is loaded on systems without ZFS: A recent change in behavior is leading to the ZFS module getting loaded on systems that lack ZFS. When the user logs ... Jim Pingle
08:22 AM Bug #12870 (Resolved): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: I can't reproduce this on any of my Namecheap entries on today's snapshot with the fix in place. Looks good to me.
Jim Pingle
07:47 AM Bug #13164 (Resolved): Info icon on ``firewall_nat_out.php`` is incorrectly placed in manual outbound NAT mode: Tested:... Danilo Zrenjanin
07:13 AM Bug #13174 (Resolved): Icon missing for user manager entries with a scope other than "user": Tested:... Danilo Zrenjanin
05:21 AM Bug #13171 (Resolved): Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: Tested:... Danilo Zrenjanin
03:23 AM Bug #13131 (Resolved): Mobile IPsec clients cannot be manually disconnected from IPsec status screen: Tested:... Danilo Zrenjanin

05/18/2022

07:20 PM Revision 0a008d14: Fix pf rule for 'any' proto. Fixes #4259: Jim Pingle
05:59 PM Revision c5eea399: Fix up recover_configxml.sh logic. Fixes #12809: * Determine ZFS pool automatically
* Mount cf dataset if it isn't mounted automatically (default is noauto
on lates... Jim Pingle
05:38 PM Bug #13169 (Assigned): captiveportal_ether_delete_entry() does not delete anchors/pipes: Reid Linnemann
05:37 PM Bug #13169: captiveportal_ether_delete_entry() does not delete anchors/pipes: We still seem to have issues around passthru mac deletion. I see that pipes persist after we remove a mac entry. Reid Linnemann
04:02 PM Regression #13182 (Resolved): Enabling /var as a RAM disks conflicts with ZFS: Enabling /var as a RAM disk conflicts with existing mounts in ZFS systems.
This most obviously presents as a probl... Steve Wheeler
03:48 PM Revision 142ffe35: Delete temporary route file on OpenVPN client disconnect. Fixes #13145: Viktor Gurov
03:42 PM Revision bdffb77d: Close earlier to avoid overlap. Fixes 12870: Gather the information we need from curl and close the handle earlier
rather than passing around the handle unnecessa... Jim Pingle
02:40 PM Feature #13181 (Rejected): add new feature to prevent users for wifi tethering/sharing: Not possible in pf. There is no way to set or change the TTL to a maximum value that would make a difference for that... Jim Pingle
06:19 AM Feature #13181 (Rejected): add new feature to prevent users for wifi tethering/sharing: please add a feature in pfsense to prevent users for wifi tethering/sharing like in mikrotik with ttl. We need this f... Adeel Asghar
02:30 PM Feature #4259 (Feedback): Port forward NAT rules with "any" protocol: Applied in changeset commit:0a008d142f32a667e93c5aeba97938f7b71eff5b. Jim Pingle
02:19 PM Feature #4259 (In Progress): Port forward NAT rules with "any" protocol: I can replicate the error here as well. It's failing to load the firewall rule because it has "proto any" where it sh... Jim Pingle
01:54 PM Feature #12809: Recover existing SSH keys during installation: Additional related fix: https://github.com/pfsense/FreeBSD-src/commit/f08bce6597c45c349a77b302d1f5a538d2283110 Jim Pingle
01:05 PM Feature #12809 (Feedback): Recover existing SSH keys during installation: Applied in changeset commit:c5eea3996c8ab0aa28a720725adbca7d85cf34e4. Jim Pingle
12:43 PM Feature #12809: Recover existing SSH keys during installation: I'll fix the recover_configxml.sh part up. I have some code I'm testing now.
Jim Pingle
12:27 PM Bug #13175 (Resolved): PHP error on MAC entry add/edit: Tested and working correctly on... Christopher Cope
11:15 AM Bug #12870 (Feedback): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Fixed in commit:bdffb77d1aa21770b23ef408ad9fba79d0825ec5 Jim Pingle
10:38 AM Bug #12870 (In Progress): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Seems to be a problem with multiple overlapping curl requests. It doesn't like making new requests when there is one ... Jim Pingle
10:55 AM Bug #13145: Per-user ``route`` files are not removed from ``/tmp`` when they are no longer needed: Applied in changeset commit:142ffe35e82a4114adb06b7d5ddb7d7f70750cf6. Viktor Gurov
10:49 AM Bug #13145 (Feedback): Per-user ``route`` files are not removed from ``/tmp`` when they are no longer needed: MR Merged. Jim Pingle
10:00 AM Regression #13178: Incorrect usage of DSCP hex value: The fix works, thank you.
It's worth noting that for the System_Patches package on 2.6.0 *b7b78ea1b14555972efaf7e6... Joshua Niles
12:51 AM pfSense Packages Bug #13180: High CPU Utilization with pfb_filter since pfBlockerNG update to devel 3.1.0_4: not sure why there is strike-through and cannot edit original but this is line of significance in OP:
root 12912 2... RED SKULL
12:48 AM pfSense Packages Bug #13180 (Duplicate): High CPU Utilization with pfb_filter since pfBlockerNG update to devel 3.1.0_4: SPECS:
-----
4 core Broadwell Xeon with SMT disabled in BIOS (0 logical cores)
32 GB DDR4 RAM
Powerd set to Maxi... RED SKULL

05/17/2022

07:12 PM Revision a375d2ac: Merge pull request #4586 from luckman212/outbound-nat-remove-colon: Jim Pingle
05:13 PM Revision a913a049: Fix rule label order and optimize. Fixes #13155: * Changes rule label order so the user label is first when present
* Clean up related redundant/suboptimal code along... Jim Pingle
04:49 PM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: I can reproduce this in my lab with Namecheap as well.
I added some debug logging and it seemed to be getting caug... Jim Pingle
04:01 PM Revision af2fcf5f: Merge pull request #4585 from luckman212/fix-status-dhcpleases-wrong-ifname: Viktor Gurov
04:01 PM Revision 1dbcb405: Merge pull request #4583 from luckman212/add-restore-dashboard-layout: Viktor Gurov
04:01 PM Revision 68ff4b87: Merge pull request #4588 from luckman212/fix-infoblock-placement-firewall_nat_out.php: Viktor Gurov
03:58 PM Regression #13176 (Resolved): UPnP port mappings cause kernel panic: This looks good here too:... Steve Wheeler
01:59 PM Regression #13176: UPnP port mappings cause kernel panic: Tested on @22.05.b.20220517.1621@, port mapping is now created and no panic is triggered. Marcos M
09:30 AM Regression #13176 (Feedback): UPnP port mappings cause kernel panic: This will be fixed in the next snapshot. Kristof Provost
09:16 AM Regression #13176: UPnP port mappings cause kernel panic: https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/85
I'll merge that, and merge the change to plus-d... Kristof Provost
06:57 AM Regression #13176: UPnP port mappings cause kernel panic: The panic appears to be in the `nvlist_add_number(nvl, "timestamp", pf_get_timestamp(rule));` line in pf_krule_to_nvr... Kristof Provost
02:40 PM Bug #13093 (Feedback): LDAP authentication fails with extended query and RFC2307 group lookups enabled: The PR above was merged a while ago, needs re-tested.
If there is still a problem this should be moved to 22.09 so... Jim Pingle
02:39 PM Bug #13157 (Resolved): PHP error restoring DHCP lease data on fresh installation:: Tested and working successfully on... Christopher Cope
02:27 PM Feature #9393 (Resolved): Improved support for USB interfaces that may not always be present: Seems to be working about as well as we can hope for here. Maybe in the future we can add dummy entries into the inte... Jim Pingle
02:19 PM Feature #12687 (Feedback): Option to disable auto-addition of static routes for ``dpinger``: PR was merged two months ago. Jim Pingle
02:18 PM Bug #12757: Clean up use of ``pfctl -F`` in ``/etc/inc/filter.inc``: PR: https://github.com/pfsense/pfsense/pull/4557
Can wait a little. Jim Pingle
02:15 PM Feature #13124: Option to wait for interface selection before displaying firewall rules: Move this ahead since it's a bit late to get in new features with a potentially high impact. Jim Pingle
02:14 PM Regression #13146 (Feedback): Captive Potal: Hosts remain connected after removing them from the table: PR was merged several days ago. Jim Pingle
02:13 PM Todo #13149 (Feedback): Remove unnecessary trailing colon after Outbound NAT "Automatic Rules" section header: PR Merged Jim Pingle
12:30 PM Revision ed321966: captiveportal_ether_delete_entry() anchors/pipes delete fix. Issue #13169: Viktor Gurov
12:25 PM Regression #13155 (Feedback): Rule labels in pftop output are not correct: Applied in changeset commit:a913a049bf3c8004a68cc8711251c7a177e0760a. Jim Pingle
11:45 AM Regression #13155: Rule labels in pftop output are not correct: Looks good. Tested on @22.05.b.20220517.0600@.
Before patch @pftop -v label@ did not show rule labels with @USER_R... Marcos M
10:43 AM Regression #13155: Rule labels in pftop output are not correct: Rebased patch. Jim Pingle
11:57 AM Todo #13100 (In Progress): Transition Captive Portal from IPFW to PF: Viktor Gurov
11:13 AM Bug #13164 (Feedback): Info icon on ``firewall_nat_out.php`` is incorrectly placed in manual outbound NAT mode: PR merged, thanks!
https://github.com/pfsense/pfsense/commit/68ff4b874fb41c6de003558911118638f0b06fb0 Viktor Gurov
11:12 AM Feature #13125 (Feedback): Option to restore dashboard widget layout: PR merged, thanks!
https://github.com/pfsense/pfsense/commit/1dbcb4052e2d0b64c4e97b75a073f36a2fc901d1 Viktor Gurov
11:12 AM Bug #13127 (Feedback): DHCP lease list displays wrong interface name in the "Leases in Use" summary if DHCP settings for a disabled interface remain in the configuration: PR merged, thanks!
https://github.com/pfsense/pfsense/commit/af2fcf5f9771adddf11c84db40113f81f7afc2ef Viktor Gurov
09:45 AM pfSense Packages Feature #13179 (New): Search based on CIDR: Search in Alerts for IPs that fall within a range instead of searching for a /32 source address
For example, if I se... Mike Moore
09:32 AM Revision 726c2c89: DSCP usage optimization. Fixes #13178: Viktor Gurov
09:23 AM Bug #13177 (Rejected): pppoe Cannot attach to ng_ether message: Invalid argument.: This is not a problem on its own. It's a side effect of mpd not being updated because the upgrade was not fully compl... Jim Pingle
06:53 AM Bug #13177: pppoe Cannot attach to ng_ether message: Invalid argument.: 3100 result:... Viktor Gurov
01:34 AM Bug #13177: pppoe Cannot attach to ng_ether message: Invalid argument.: I see the same issue on 3100 appliance, but not on 5100.
seems related to #12688 and https://github.com/pfsense/Free... Viktor Gurov
07:52 AM Bug #13169 (Feedback): captiveportal_ether_delete_entry() does not delete anchors/pipes: Merged:
https://github.com/pfsense/pfsense/commit/ed321966e14ccf3494536eb67ebb24ad37929833 Viktor Gurov
07:18 AM Bug #13169 (Pull Request Review): captiveportal_ether_delete_entry() does not delete anchors/pipes: Jim Pingle
02:58 AM Bug #13169: captiveportal_ether_delete_entry() does not delete anchors/pipes: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/788 Viktor Gurov
02:10 AM Bug #13169 (New): captiveportal_ether_delete_entry() does not delete anchors/pipes: @pfSense_pf_cp_get_eth_pipes()@ issue is fixed:
https://github.com/pfsense/FreeBSD-ports/commit/1c887f5eb2429fbc8040... Viktor Gurov
07:40 AM Regression #13178 (Feedback): Incorrect usage of DSCP hex value: Applied in changeset commit:726c2c891d56132a57fc6ba33a9d62a37223743d. Viktor Gurov
07:23 AM Regression #13178 (Pull Request Review): Incorrect usage of DSCP hex value: Jim Pingle
04:35 AM Regression #13178: Incorrect usage of DSCP hex value: It possible to use the "tos cs1" format, instead of the hex value.
fix:
https://gitlab.netgate.com/pfSense/pfSens... Viktor Gurov
02:21 AM Regression #13178 (Resolved): Incorrect usage of DSCP hex value: In the firewall UI, certain DSCP selections cause the rule to be created using a DSCP hex, rather than the ToS hex.
... Joshua Niles

05/16/2022

10:33 PM Bug #13177 (Rejected): pppoe Cannot attach to ng_ether message: Invalid argument.: pppoe fails to start after upgrading to 22.05 beta (from 22.01)
No session is ever established,
see
https://fo... net blues
07:37 PM Regression #13176: UPnP port mappings cause kernel panic: Tested with @22.05.b.20220513.0600@ on a ESXi VM by running a network test on a Playstation 5; the result gave NAT2 (... Marcos M
07:35 PM Regression #13176: UPnP port mappings cause kernel panic: See: https://forum.netgate.com/topic/172182/22-05-b-20220513-0600-upnp-crash Steve Wheeler
07:33 PM Regression #13176 (Resolved): UPnP port mappings cause kernel panic: Adding a port mapping via UPnP causes a kerlnel panic in 22.05.
Tested here using GUPnP Universal control point. ... Steve Wheeler
05:12 PM Revision b7ddc1b8: captiveportal_passthru_delete_entry() -> captiveportal_passthrumac_delete_entry(). Fixes #13175: Viktor Gurov
04:31 PM Revision edf6dbfa: User Mgr scope icon corrections. Fixes #13174: Jim Pingle
03:58 PM Regression #12961: CARP event storm when leaving persistent CARP maintenance mode: Florian Apolloner wrote in #note-15:
> I only looked over the code because I am heading out into the weekend but the... Bill Hughes
03:19 PM Bug #13169 (Feedback): captiveportal_ether_delete_entry() does not delete anchors/pipes: Fixed in 1c887f5e Reid Linnemann
11:56 AM Bug #13169: captiveportal_ether_delete_entry() does not delete anchors/pipes: I see what I did, I was expecting a single rule and that I should return its dnpipe and dnrpipe, when in actuality th... Reid Linnemann
11:32 AM Bug #13169: captiveportal_ether_delete_entry() does not delete anchors/pipes: Getting back 4 entries would indicate to me that the anchor path matches more than one rule, and you are getting the ... Reid Linnemann
11:07 AM Bug #13169: captiveportal_ether_delete_entry() does not delete anchors/pipes: https://github.com/pfsense/pfsense/blob/master/src/etc/inc/captiveportal.inc#L1098
same issue after replacing @$ho... Viktor Gurov
04:33 AM Bug #13169 (Resolved): captiveportal_ether_delete_entry() does not delete anchors/pipes: For some reason, @pfSense_pf_cp_get_eth_pipes()@, and @pfSense_pf_cp_flush()@ does not work properly inside @captivep... Viktor Gurov
02:13 PM Revision 6f0d088a: Port Forward Redirect target IP save fix. Fixes #13171: Viktor Gurov
12:20 PM Bug #13175 (Feedback): PHP error on MAC entry add/edit: Applied in changeset commit:b7ddc1b810f16c827cb6e61b6316a23c649d1e1c. Viktor Gurov
11:53 AM Bug #13175 (Pull Request Review): PHP error on MAC entry add/edit: Jim Pingle
11:50 AM Bug #13175: PHP error on MAC entry add/edit: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/787 Viktor Gurov
11:45 AM Bug #13175 (Resolved): PHP error on MAC entry add/edit: ... Viktor Gurov
11:40 AM Bug #13174 (Feedback): Icon missing for user manager entries with a scope other than "user": Applied in changeset commit:edf6dbfa7d03460303d9aa16dc67334f9bbf3c01. Jim Pingle
11:30 AM Bug #13174 (Resolved): Icon missing for user manager entries with a scope other than "user": There is supposed to be an icon before each user manager entry to indicate the scope (e.g. system, user) but currentl... Jim Pingle
11:35 AM Bug #13171: Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: Updating subject for release notes. Jim Pingle
11:30 AM Bug #13171 (Feedback): Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: Applied in changeset commit:6f0d088a8451802aacd4e7fa6be95d00707babd9. Viktor Gurov
11:13 AM Bug #13171 (Pull Request Review): Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: Jim Pingle
09:14 AM Bug #13171: Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/785 Viktor Gurov
06:06 AM Bug #13171 (Resolved): Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: Tested on 22.01 but I saw the same issue on 21.05_p2 too.
To reproduce this issue:
- I created alias for internal... Azamat Khakimyanov
09:07 AM Bug #13170 (Not a Bug): Internet (IPV6-)connectivity gone due to renaming WAN-interface: The internal name "wan" has nothing to do with your custom name "WAN" or "WAN_TEST".
The only references I see which... Jim Pingle
08:52 AM Bug #13170: Internet (IPV6-)connectivity gone due to renaming WAN-interface: Jim, could you please take me serious!
Hereby two config files:
- my actual config and
- the same config with th... Louis B
08:12 AM Bug #13170 (Incomplete): Internet (IPV6-)connectivity gone due to renaming WAN-interface: There isn't nearly enough information here to classify this as a bug. The interface name itself isn't referenced anyw... Jim Pingle
04:55 AM Bug #13170 (Not a Bug): Internet (IPV6-)connectivity gone due to renaming WAN-interface: Hello,
Yesterday I discovered that my IPV6 was not working any longer, despite the fact the both IPV4 and IPV6-gat... Louis B
08:18 AM Bug #13164 (Pull Request Review): Info icon on ``firewall_nat_out.php`` is incorrectly placed in manual outbound NAT mode: Jim Pingle
08:15 AM Feature #13173 (Duplicate): Config restore could/should be better: Duplicate of #13172 Jim Pingle
06:42 AM Feature #13173 (Duplicate): Config restore could/should be better: Today I was trying to solve issues by partly restoring old config files. A few things about that:
- I think it is ... Louis B
08:15 AM Feature #13172 (Duplicate): Config restore could/should be better: Duplicate of #3696 Jim Pingle
06:41 AM Feature #13172 (Duplicate): Config restore could/should be better: Today I was trying to solve issues by partly restoring old config files. A few things about that:
- I think it is ... Louis B
08:00 AM pfSense Packages Bug #13166 (Pull Request Review): IPsec Export: Apple Profile generates invalid configuration: Jim Pingle
02:53 AM pfSense Packages Bug #13166: IPsec Export: Apple Profile generates invalid configuration: fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/56 Viktor Gurov
07:57 AM Bug #9123: Adding/configuring vlan on ixl-devices causes aq_add_macvlan err -53, aq_error 14: → luckman212 wrote in #note-10:
> I was just looking at Open issues marked "very high" and this still comes up -- sh... Jim Pingle
07:56 AM Regression #13150: Captive Portal not applying per user bandwidths: Thinking about this a bit more, it's expected that ... Kristof Provost
07:54 AM Feature #4259 (New): Port forward NAT rules with "any" protocol: Jim Pingle
07:53 AM Feature #13168: Multiple Dashboard views for a single user: A: Please do not set a target version on issues. Feature planning and resource allocation are something we determine ... Jim Pingle
03:29 AM Bug #11764 (Feedback): IPv6 link local gateway default status not indicated in GUI: Daryl Morse wrote in #note-7:
> I was running 2.7.0-dev up to around mid-January, then I shut it down to test the 2.... Viktor Gurov

05/15/2022

04:28 PM Feature #13168 (New): Multiple Dashboard views for a single user: Dear pfSense Dev Team!
Dashboard - by determination are **place where results of analytics in form of charts AND/O... Sergei Shablovsky
03:05 PM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error: Saved before I added the affected version: 2.6.0-RELEASE (amd64) Chris C
03:03 PM Regression #13167 (Resolved): DigitalOcean Dynamic DNS update fails with a "bad request" error: Dynamic DNS updates using the DigitalOcean plugin are failing, it looks like phpDynDNS isn't expecting a hyphen in th... Chris C
02:43 PM pfSense Packages Bug #13166 (Resolved): IPsec Export: Apple Profile generates invalid configuration: Using 3DES for IPsec P1 and P2, the exported apple profile shows @DES3@ instead of @3DES@. This prevented a MacOS lap... Marcos M
02:33 PM pfSense Packages Bug #12948 (Resolved): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: Now works. Marcos M
11:32 AM Regression #12873 (Feedback): Hyper-V RSC support in ``hn(4)`` driver is enabled by default and results in very low throughput: This patch is now in 2.7 and 22.05-beta snapshots. Steve Wheeler
10:53 AM Bug #9295: IPv6 PD does not work with PPPOE (Server & Client): @Flole have you tested this on any recent builds? There've been a lot of upstream fixes so, would be worth a try. I d... → luckman212
10:49 AM Bug #9123: Adding/configuring vlan on ixl-devices causes aq_add_macvlan err -53, aq_error 14: I was just looking at Open issues marked "very high" and this still comes up -- should it be closed? → luckman212
10:47 AM pfSense Packages Bug #13115: WireGuard panic due to KBI changes in ```udp_tun_func_t()```: @cmcdonald looks like John/Trond worked up a patch and it's been committed, see https://cgit.freebsd.org/ports/commit... → luckman212
01:48 AM Feature #13165 (Pull Request Review): Feat: live update for Services dashboard widget: I noticed that the Services dashboard widget did not live-update as services are modified. If a service dies or is st... → luckman212

05/14/2022

05:32 PM Bug #13158: Input validation error when applying limiter changes: Triggering this error on a couple of queues, then saving while on the pipe page leads to the queues being saved with ... Marcos M
01:01 PM Feature #4259: Port forward NAT rules with "any" protocol: I am still seeing the same error
2.7.0.a.20220513.0600
There were error(s) loading the rules: /tmp/rules.debug... Alhusein Zawi
06:52 AM Todo #13159: Decrease distance between img-buttons in webGUI to eliminate mistake entry: Sergei Shablovsky wrote in #note-3:
> Jim Pingle wrote in #note-1:
> > Do you mean increase? Decreasing distance wo... Sergei Shablovsky
06:40 AM Todo #13159: Decrease distance between img-buttons in webGUI to eliminate mistake entry: Jim Pingle wrote in #note-1:
> Do you mean increase? Decreasing distance would make them closer together and more li... Sergei Shablovsky
06:35 AM Feature #13161: FLASH PORT'S LED button, to help quickly find port that need to be connected to patch&cable: Jim Pingle wrote in #note-1:
> What "two commands" are you referring to?
>
> Flashing NIC LEDs would vary by hard... Sergei Shablovsky
04:08 AM Revision b6669022: fix infoblock placement on firewall_nat_out.php - redmine #13164: → luckman212

05/13/2022

11:11 PM Bug #13164: Info icon on ``firewall_nat_out.php`` is incorrectly placed in manual outbound NAT mode: PR: https://github.com/pfsense/pfsense/pull/4588 → luckman212
10:06 PM Bug #13164 (Resolved): Info icon on ``firewall_nat_out.php`` is incorrectly placed in manual outbound NAT mode: @firewall_nat_out.php@ has a bug where the infoblock (i) is displayed wayyy off to the left of the main table when in... → luckman212
06:21 PM Revision 17c43ebc: Ensure same type comparison. Additional fix #13059: Marcos M
06:06 PM Revision eca0a3ac: mkdir before restoring extra data. Fixes #13157: Viktor Gurov
04:36 PM Bug #12440 (Resolved): Zero-value prefix IPv6 addresses are mishandled: Testes and working as expected on... Christopher Cope
03:13 PM Feature #12616 (Resolved): Option to filter state table contents by rule ID: Tested successfully on... Christopher Cope
01:40 PM Revision f653dfe6: ovpn-dnslinkup: do not set interface routes for DNS servers: If the OpenVPN server provides DNS server information (and 'Pull DNS' is
set) we add these DNS servers to our DNS con... Kristof Provost
01:31 PM Revision 620a9745: check_dnsavailable() improvement. Fixes #13162: Viktor Gurov
01:30 PM Regression #13059 (Feedback): Error when saving changes to a disabled OpenVPN client: Applied in changeset commit:17c43ebc182ebd147f50713b4bce5d6e3c072535. Marcos M
01:20 PM Bug #13157 (Feedback): PHP error restoring DHCP lease data on fresh installation:: Applied in changeset commit:eca0a3acd2e806a4bfb56d23413dafdd782a3280. Viktor Gurov
12:04 PM Bug #13157 (Pull Request Review): PHP error restoring DHCP lease data on fresh installation:: Jim Pingle
11:51 AM Bug #13157: PHP error restoring DHCP lease data on fresh installation:: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/784 Viktor Gurov
01:20 PM Bug #11629 (Feedback): PPPoE WAN IP address different than expected when set static by ISP: Merged Viktor Gurov
01:17 PM Todo #12701 (Feedback): Reorganize CARP status page: Merged Viktor Gurov
12:59 PM Revision b7ca68bc: Print correct pkg name. Fixes #13163: Jim Pingle
12:06 PM pfSense Packages Feature #13160 (Pull Request Review): Option to sort monitoring graph views: Jim Pingle
10:24 AM pfSense Packages Feature #13160: Option to sort monitoring graph views: updated PR: https://github.com/pfsense/FreeBSD-ports/pull/1167
I reworked this so everything is self-contained in ... → luckman212
12:06 AM pfSense Packages Feature #13160 (Pull Request Review): Option to sort monitoring graph views: By default, RRD (Status -> Monitoring) tabs are just displayed in order of creation. This can get a bit messy. This s... → luckman212
09:01 AM pfSense Packages Bug #13153 (Feedback): Static routes bound to WireGuard interfaces are not restored after down / up events: Merged https://github.com/theonemcdonald/pfSense-pkg-WireGuard/pull/152 and synced upstream. Look for v0.1.6_2 of the... Christian McDonald
08:40 AM Regression #13162 (Feedback): Upgrade does not work when using only IPv6 DNS servers: Applied in changeset commit:620a974509585d341120662508f011deca2bd8b5. Viktor Gurov
08:14 AM Regression #13162 (Pull Request Review): Upgrade does not work when using only IPv6 DNS servers: Jim Pingle
05:48 AM Regression #13162: Upgrade does not work when using only IPv6 DNS servers: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/781 Viktor Gurov
04:53 AM Regression #13162 (Resolved): Upgrade does not work when using only IPv6 DNS servers: When only IPv6 DNS servers are used (in general config) GUI update is not functional.
Following message is displayed... Sietse van Zanen
08:30 AM Regression #13163 (Feedback): Incorrect variable in package error message results in "Array" being printed instead of package name: Applied in changeset commit:b7ca68bc5a4bbbd38a305bacb8ea19370082f66a. Jim Pingle
07:53 AM Regression #13163 (Resolved): Incorrect variable in package error message results in "Array" being printed instead of package name: If the package system fails to find a package in the repository it's printing the name incorrectly in the error:
<... Jim Pingle
08:11 AM Todo #13159: Decrease distance between img-buttons in webGUI to eliminate mistake entry: I've gotten used to the pinch and zoom when doing stuff on mobile. Yes the buttons are small, but I agree with Jim - ... → luckman212
07:27 AM Todo #13159: Decrease distance between img-buttons in webGUI to eliminate mistake entry: Do you mean increase? Decreasing distance would make them closer together and more likely to be hit accidentally.
... Jim Pingle
07:31 AM Feature #13161: FLASH PORT'S LED button, to help quickly find port that need to be connected to patch&cable: What "two commands" are you referring to?
Flashing NIC LEDs would vary by hardware/driver/etc. There isn't a gener... Jim Pingle
03:05 AM Feature #13161 (New): FLASH PORT'S LED button, to help quickly find port that need to be connected to patch&cable: Dear pfSense Dev Team!
Seems there are reason to making FLASH PORT'S LED button in sections Interface (and State /... Sergei Shablovsky
04:49 AM Regression #13150 (In Progress): Captive Portal not applying per user bandwidths: Viktor Gurov
04:48 AM Regression #13150: Captive Portal not applying per user bandwidths: Kristof Provost wrote in #note-8:
> No, that won't work on ethernet rules. The 'dnpipe (1, 2)' syntax tell pf to app... Viktor Gurov

05/12/2022

09:15 PM Todo #13159 (New): Decrease distance between img-buttons in webGUI to eliminate mistake entry: Hi, dear pfSense Dev Team!
Please, decrease distance between img-buttons in “Action” column in most webGUI pages t... Sergei Shablovsky
08:30 PM pfSense Packages Bug #13153: Static routes bound to WireGuard interfaces are not restored after down / up events: I also played around with @devd@, adding something like this to @/usr/local/etc/devd/custom.conf@:... → luckman212
08:12 PM pfSense Packages Bug #13153: Static routes bound to WireGuard interfaces are not restored after down / up events: I found what appears to be the cause, and submitted a small PR:
https://github.com/theonemcdonald/pfSense-pkg-Wire... → luckman212
08:24 AM pfSense Packages Bug #13153 (Resolved): Static routes bound to WireGuard interfaces are not restored after down / up events: h5. This was tested on today's 22.05 snap: 22.05.b.20220512.0600 using WG package 0.1.6_1 / kmod-0.0.20211105_1
h... → luckman212
07:47 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Hey Netgate,
What happened to this fix... I see that the 22.05 beta is out and this bug is still set to CE-NEXT an... Dennis Adler
12:10 PM Bug #13158 (Resolved): Input validation error when applying limiter changes: Tested on @22.05.b.20220512.0600@.
# make a change to a limiter queue; save
# click on the queue to reload the pa... Marcos M
12:02 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: I don't see any immediate reason it should not be working, the patch is definitely applied and the pass all not layer... Reid Linnemann
12:00 PM pfSense Docs Todo #12990 (Closed): Feedback on pfSense® software Configuration Recipes — Configuring CoDel Limiters for Bufferbloat: Marcos M
11:55 AM Bug #9024 (Feedback): Ping packet loss under load when using limiters: Marcos M
11:48 AM Bug #9024: Ping packet loss under load when using limiters: This seems to be resolved with 22.05. Testing with iperf3 client behind the firewall, and an iperf3 server a couple o... Marcos M
11:42 AM Bug #13157 (Resolved): PHP error restoring DHCP lease data on fresh installation:: Restoring a configuration with DHCP lease data can lead to a PHP error when restoring during a fresh install:
<pre... Jim Pingle
11:25 AM Regression #12915 (Resolved): ``diag_pftop.php`` does not fully encode output: Working properly on current snapshots. Jim Pingle
11:18 AM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work: pfBlockerNG page shows:
> When manually creating 'Alias' type firewall rules; Prefix the Firewall rule Description wi... Marcos M
11:16 AM pfSense Packages Regression #13156 (Resolved): pfBlockerNG IP block stats do not work: On 22.01, the filter log rules description includes the rule id in parenthesis. This breaks the IP block tracking for... Marcos M
11:10 AM Bug #12900 (Duplicate): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Marcos M
11:10 AM Regression #13155 (Pull Request Review): Rule labels in pftop output are not correct: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/780
After applying the patch to test, check the co... Jim Pingle
11:06 AM Regression #13155 (Resolved): Rule labels in pftop output are not correct: The output from @pftop@ uses the first label from the rule, so it's getting other incorrect labels now such as the ru... Jim Pingle
08:50 AM pfSense Packages Todo #12354 (Feedback): Update haproxy-devel to mitigate CVE-2021-40346: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/8e2872d9734568b53d87285de1c50a21f0560551 Viktor Gurov
08:14 AM pfSense Packages Todo #12354 (Pull Request Review): Update haproxy-devel to mitigate CVE-2021-40346: Jim Pingle
12:58 AM pfSense Packages Todo #12354 (New): Update haproxy-devel to mitigate CVE-2021-40346: revert:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/237 Viktor Gurov
08:46 AM pfSense Packages Bug #13154: pfBlocker causing excessive CPU load: I'm also the OP for that ticket, too. Michael Novotny
08:44 AM pfSense Packages Bug #13154 (Duplicate): pfBlocker causing excessive CPU load: Almost certainly a duplicate of #12827 and not a unique issue. Jim Pingle
08:42 AM pfSense Packages Bug #13154 (Resolved): pfBlocker causing excessive CPU load: After killing that process (/usr/local/bin/php_pfb), my bandwidth & CPU usage was back to normal.
I'm running this o... Michael Novotny
07:11 AM Regression #13150: Captive Portal not applying per user bandwidths: No, that won't work on ethernet rules. The 'dnpipe (1, 2)' syntax tell pf to apply pipe 1 on forward traffic, and pip... Kristof Provost
04:21 AM Regression #13150: Captive Portal not applying per user bandwidths: Looks like dnpipe issue.
Maybe we should use L3-like dnpipe syntax, like:... Viktor Gurov
06:08 AM Bug #13152 (Duplicate): Disconnecting PPPoE generates PHP error: Duplicate of #13134 Viktor Gurov
05:22 AM Bug #13152 (Duplicate): Disconnecting PPPoE generates PHP error: I noticed this issue on the:... Danilo Zrenjanin
05:39 AM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect: Danilo Zrenjanin wrote in #note-10:
> Tested the patch:
> [...]
>
> After removing the cable on the PPPoE (WAN) ... Viktor Gurov
04:48 AM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect: Tested the patch:... Danilo Zrenjanin
04:24 AM Bug #13148 (Feedback): Traffic passed by Captive Portal cannot use limiter queues on other rules: Merged:
https://github.com/pfsense/FreeBSD-src/commit/faf3efce30185573cfd263d019b2efa2745842af Viktor Gurov

05/11/2022

11:59 PM Revision fa2e511d: pfSense: Fix missing global decl in captiveportal_get_last_activity. Fixes #13147: linnemannr
07:52 PM pfSense Docs Todo #12990: Feedback on pfSense® software Configuration Recipes — Configuring CoDel Limiters for Bufferbloat: #9263 is no longer an issue with 22.05, and potentially neither is #9024. Something that's not clear is that if fq_co... Marcos M
07:10 PM Regression #13147 (Feedback): Captive Portal: Idle timeout does not see activity: Applied in changeset commit:fa2e511df4765c6e15b390214dd0a7b5868960d9. Anonymous
07:07 PM Regression #13147: Captive Portal: Idle timeout does not see activity: Additionally, the function captiveportal_get_last_activity() did not declare $config as a global, so the zone id was ... Reid Linnemann
01:12 PM Regression #13147: Captive Portal: Idle timeout does not see activity: It returns an empty array because the function never actually called pf_ctl_get_eth_rules() to get the rules before i... Reid Linnemann
05:30 AM Regression #13147: Captive Portal: Idle timeout does not see activity: @pfSense_pf_cp_get_eth_last_active("{$anchor}/{$ip}_32")@ returns empty array Viktor Gurov
05:24 AM Regression #13147: Captive Portal: Idle timeout does not see activity: Related to:
https://github.com/pfsense/pfsense/commit/978ea0858dd24d1cbcca02a69a501e0ef37c11da Viktor Gurov
05:47 PM Revision 6578d950: Fix JS for mobile IPsec disconnect. Fixes #13131: Jim Pingle
05:45 PM Bug #12737: CA path is not defined when using ``curl`` in the shell: For reference, the cert store can be specified:
> curl -vso /dev/null --cacert /etc/ssl/certs/a734448e.0 --connect-ti... Marcos M
03:25 PM Revision 0db2b0ff: Captive Portal per user bandwidths fix. Issue #13150: Viktor Gurov
03:23 PM Feature #7727 (Resolved): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Lots of positive feedback on the forum here showing it's working as well as can be expected now.
There are still s... Jim Pingle
03:20 PM Regression #13106 (Resolved): ``pfanchordrill`` treating errors as anchor names: This one is fixed. Jim Pingle
03:17 PM Regression #13011 (Resolved): Ruleset can fail to load on snapshot from March 31st: Fixed and working for a while now. Jim Pingle
03:16 PM Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail: Still no meaningful feedback here, can keep waiting until someone who can replicate the original problem can confirm ... Jim Pingle
03:14 PM Feature #8861 (Resolved): Show SFP module details on ``status_interfaces.php``: Looks great now:
!2022-05-11_16-13.png! Jim Pingle
03:10 PM Regression #12816 (Resolved): Namecheap Dynamic DNS responses are not parsed properly: This has been working well since it went in. Jim Pingle
02:52 PM Bug #13148: Traffic passed by Captive Portal cannot use limiter queues on other rules: https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/83 should fix the problem.
Kristof Provost
09:28 AM Bug #13148: Traffic passed by Captive Portal cannot use limiter queues on other rules: It looks like you need to have multiple queues defined on the pipe for this to manifest. Kristof Provost
06:58 AM Bug #13148: Traffic passed by Captive Portal cannot use limiter queues on other rules: Do you have anything special configured for captive portal? Bandwidth restrictions or something?
I've tried to rep... Kristof Provost
02:48 PM Feature #12675 (Resolved): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file: This is working very well. Option is active after config restore, it's only in the config, no more flag file. All OK. Jim Pingle
12:55 PM Bug #13131 (Feedback): Mobile IPsec clients cannot be manually disconnected from IPsec status screen: Applied in changeset commit:6578d9501401287f72be543b159e2f6b19d5e736. Jim Pingle
12:46 PM Bug #13131: Mobile IPsec clients cannot be manually disconnected from IPsec status screen: I was able to replicate the problem and have a fix. Jim Pingle
12:43 PM Bug #13131 (In Progress): Mobile IPsec clients cannot be manually disconnected from IPsec status screen: Jim Pingle
05:27 AM Bug #13131: Mobile IPsec clients cannot be manually disconnected from IPsec status screen: Tested:... Danilo Zrenjanin
12:50 PM Regression #13150 (Confirmed): Captive Portal not applying per user bandwidths: With that patch the pipes are created correctly:... Steve Wheeler
10:52 AM Regression #13150 (Feedback): Captive Portal not applying per user bandwidths: Merged:
https://github.com/pfsense/pfsense/commit/0db2b0ff8b44d4b99a488ee798041a056a00dd10 Viktor Gurov
10:31 AM Regression #13150 (Pull Request Review): Captive Portal not applying per user bandwidths: Jim Pingle
10:26 AM Regression #13150: Captive Portal not applying per user bandwidths: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/778 Viktor Gurov
08:32 AM Regression #13150 (Resolved): Captive Portal not applying per user bandwidths: Enabling 'Per-user bandwidth restriction' in the captive portal and setting limits does not apply them to the created... Steve Wheeler
12:45 PM Bug #13132 (Resolved): Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore: I was getting the error only when manually added sshdata tags in the following order:... Danilo Zrenjanin
06:12 AM Bug #13132: Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore: Tested the patch against:... Danilo Zrenjanin
12:41 PM Feature #9091 (Resolved): Chelsio TOE support using the ``t4_tom`` module: Tested:... Danilo Zrenjanin
12:29 PM Feature #13109 (Resolved): Trim whitespace from MAC addresses in user input: Tested and working successfully on... Christopher Cope
12:27 PM Revision dfd4d0e9: remove colon to stay consistent with the rest of the GUI: → luckman212
12:27 PM Regression #13122 (Resolved): PHP error from Captive Portal status on current development snapshots: Tested:... Danilo Zrenjanin
12:13 PM Regression #13123 (Resolved): PHP error from Captive Portal at boot on current development snapshots: Tested:... Danilo Zrenjanin
12:09 PM Revision 7610a397: Cleanup PPPoE VIPs on interface down to fix IP address order. Issue #11629: Viktor Gurov
11:18 AM pfSense Packages Todo #12354: Update haproxy-devel to mitigate CVE-2021-40346: Want to tell again on version of haproxy that now this actions not needed, please remove them DRago_Angel [InV@DER]
10:14 AM pfSense Packages Todo #12354: Update haproxy-devel to mitigate CVE-2021-40346: This patch seems to conflict with http-request redirect action:... Micha Kersloot
10:30 AM Bug #13151 (Not a Bug): DNS Resolver (unbound) leaking DNS queries: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
10:02 AM Bug #13151 (Not a Bug): DNS Resolver (unbound) leaking DNS queries: Not sure if this is a bug or a misconfiguration/misunderstanding of unbound on my part?
Platform: pfSense+ 22.01-R... Michael Mercier
08:50 AM pfSense Docs Todo #13143 (Closed): minor correction: WireGuard Remote Access VPN Configuration Example: Pushed a fix, it'll be public when the build finishes in a few minutes. Jim Pingle
06:37 AM pfSense Docs Todo #13143: minor correction: WireGuard Remote Access VPN Configuration Example: screenshot
!clipboard-202205110737-gbfno.png!
→ luckman212
08:06 AM Bug #11629 (Pull Request Review): PPPoE WAN IP address different than expected when set static by ISP: Jim Pingle
07:10 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/777 Viktor Gurov
06:40 AM Bug #11629 (Confirmed): PPPoE WAN IP address different than expected when set static by ISP: able to reproduce on pfSense-2.7.0.a.20220511.0600 Viktor Gurov
08:05 AM Todo #13149: Remove unnecessary trailing colon after Outbound NAT "Automatic Rules" section header: related forum post: https://forum.netgate.com/topic/172102/updating-texts-that-are-referenced-by-gettext-translations... → luckman212
08:04 AM Todo #13149 (Pull Request Review): Remove unnecessary trailing colon after Outbound NAT "Automatic Rules" section header: Jim Pingle
07:32 AM Todo #13149 (Resolved): Remove unnecessary trailing colon after Outbound NAT "Automatic Rules" section header: Firewall → NAT → Outbound → Automatic rules table header has a @:@ after it, which is not seen anywhere else in the G... → luckman212

05/10/2022

08:43 PM Regression #13134 (Resolved): PHP error when releasing DHCP lease: Fix works, thanks! Marcos M
02:25 AM Regression #13134 (Feedback): PHP error when releasing DHCP lease: Applied in changeset commit:6292f557bfc5d4131236138a8f48e62da731a71a. Viktor Gurov
08:39 PM Bug #9263: Incorrect ICMP reply when using limiters: → luckman212 wrote in #note-10:
> Is there any way us mere mortals can access these snaps? Or are they still private... Marcos M
01:32 PM Bug #9263: Incorrect ICMP reply when using limiters: Is there any way us mere mortals can access these snaps? Or are they still private only? → luckman212
01:29 PM Bug #9263 (Feedback): Incorrect ICMP reply when using limiters: Tested on @22.05.a.20220510.1205@ with either pass quick or match rules on either LAN or WAN interfaces. This is now ... Marcos M
07:25 PM pfSense Packages Bug #13115 (Feedback): WireGuard panic due to KBI changes in ```udp_tun_func_t()```: Christian McDonald
07:04 PM Bug #13148 (Resolved): Traffic passed by Captive Portal cannot use limiter queues on other rules: Traffic that has been passed by the captive portal on an interface will fail if it passed into a dummynet queue by ot... Steve Wheeler
06:08 PM Revision 6cdd2fda: pfanchordrill Captive Portal anchors support. Fixes #13142: Viktor Gurov
04:33 PM Regression #13147 (Resolved): Captive Portal: Idle timeout does not see activity: The idle timeout value is applied regardless of activity from the connected user. Functions as a hard timeout.
Her... Steve Wheeler
03:50 PM Revision aa11df80: Adapt OpenVPN widget to new output. Fixes #13129: Jim Pingle
03:23 PM Bug #13127 (Pull Request Review): DHCP lease list displays wrong interface name in the "Leases in Use" summary if DHCP settings for a disabled interface remain in the configuration: Jim Pingle
03:22 PM Feature #13125 (Pull Request Review): Option to restore dashboard widget layout: Jim Pingle
03:22 PM Regression #12954 (Resolved): Traffic routed through DUMMYNET by PF fails when IPFW is enabled: Yes, this is solved in 22.05 now that ipfw is no longer used.
You can run Captive Portal and Limiters and pass tra... Steve Wheeler
03:17 PM Regression #12954 (Feedback): Traffic routed through DUMMYNET by PF fails when IPFW is enabled: Is this fixed now that the new code is all in? Jim Pingle
03:19 PM Regression #13026 (Feedback): Limiters do not work: This needs re-tested now that all the new code is in. Jim Pingle
03:19 PM Bug #12960: VGA install defaults to serial as primary console when loading/saving admin GUI settings without making changes: This seems to be working OK despite how it looks. It can wait for the next release. Jim Pingle
02:47 PM Revision 3e49e032: Captive Portal host remove fix. Issue #13146: Viktor Gurov
01:15 PM Regression #13142 (Feedback): PHP shell ``pfanchordrill`` script produces errors on captive portal tables: Applied in changeset commit:6cdd2fda5c28fdca8171e14fdbd4b0eb98177ee1. Viktor Gurov
06:50 AM Regression #13142 (Pull Request Review): PHP shell ``pfanchordrill`` script produces errors on captive portal tables: Steve Wheeler
06:49 AM Regression #13142: PHP shell ``pfanchordrill`` script produces errors on captive portal tables: That patch fixes it for my use case shown above. Steve Wheeler
02:39 AM Regression #13142: PHP shell ``pfanchordrill`` script produces errors on captive portal tables: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/773 Viktor Gurov
11:48 AM Feature #12982: Add support for RFC7499 in RADIUS library.: Hello team,
Any further progress? Sorry keep bugging you guys, but I just need to know, if possible, any rough ET... Frank Lee
11:28 AM Todo #13129: OpenVPN status page improvements: Widget should be OK now, fixed by commit:aa11df80ebd8c8dc07dfaafba364fac32a6631e0 Jim Pingle
11:07 AM Todo #13129: OpenVPN status page improvements: The OpenVPN widget shows P2P tunnels as down even when they are connected and passing traffic.
Tested: 22.05.a.202... Steve Wheeler
08:59 AM Regression #13146: Captive Potal: Hosts remain connected after removing them from the table: That patch looks good. After removing the host the anchor is removed from the ruleset:... Steve Wheeler
08:54 AM Regression #13146 (Pull Request Review): Captive Potal: Hosts remain connected after removing them from the table: Jim Pingle
08:42 AM Regression #13146: Captive Potal: Hosts remain connected after removing them from the table: related to https://github.com/pfsense/pfsense/commit/978ea0858dd24d1cbcca02a69a501e0ef37c11da
fix:
https://gitl... Viktor Gurov
07:05 AM Regression #13146 (Resolved): Captive Potal: Hosts remain connected after removing them from the table: When you remove a connected client using the 'Disconnect this user' button in Status > Captive Portal the user is rem... Steve Wheeler
07:37 AM Bug #13145 (Pull Request Review): Per-user ``route`` files are not removed from ``/tmp`` when they are no longer needed: Jim Pingle
03:04 AM Bug #13145: Per-user ``route`` files are not removed from ``/tmp`` when they are no longer needed: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/774 Viktor Gurov
03:02 AM Bug #13145 (Resolved): Per-user ``route`` files are not removed from ``/tmp`` when they are no longer needed: from #13140:
pfSense+ version 22.01 on Netgate 7100 1u
I have run into an issue where users connecting to OpenV... Viktor Gurov
07:25 AM Bug #13144: Firewall rule entries can get out of sync when entries are deleted while other administrators are editing entries simultaneously: This is a known issue throughout the GUI, it isn't unique to rules. Any items in any area accessed by array index 'id... Jim Pingle
01:27 AM Bug #13144 (New): Firewall rule entries can get out of sync when entries are deleted while other administrators are editing entries simultaneously: tested versions:
2.4.5
2.6.0
Prereqs
Admin A logs in to Firewall
Admin B logs in to same Firewall
Inten... Silvan Ehemann
07:17 AM Revision cf38c37a: ssh-keygen check improvements. Fixes #13139: Viktor Gurov
03:04 AM Bug #13140: Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: Jim Pingle wrote in #note-8:
> Michael Mercier wrote in #note-1:
> > At lease one other thing I have noticed while ... Viktor Gurov
02:25 AM Bug #13139 (Feedback): Stale ``sshdkeys.dirty`` lock file prevents generating SSH server keys: Applied in changeset commit:cf38c37a75153b55520f83efe074e0b6e4810c4b. Viktor Gurov
02:15 AM Bug #12691: Support encrypted ``config.xml`` files when restoring during install: latest fix:
https://github.com/pfsense/FreeBSD-src/commit/072e35cbaebc20469dd6287fb160bb68a8de4189 Viktor Gurov

05/09/2022

09:46 PM pfSense Docs Todo #13143 (Closed): minor correction: WireGuard Remote Access VPN Configuration Example: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html
*Feedback:*
in the example config fi... → luckman212
08:03 PM Regression #13142: PHP shell ``pfanchordrill`` script produces errors on captive portal tables: Similar to #13106 which should already be fixed in the repo but the behavior is slightly different. This isn't gettin... Jim Pingle
06:15 PM Regression #13142 (Resolved): PHP shell ``pfanchordrill`` script produces errors on captive portal tables: When running the pfanchordrill PHP shell script on a system with captive portal enabled the following errors are show... Steve Wheeler
07:36 PM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers: @cmcdonald Just for the record, I'm hitting this exact issue right now on current 22.05 snaps, with WG 0.1.6_1 packag... → luckman212
05:33 PM pfSense Packages Bug #13141 (New): wrong page squidguard block: when i using squid+squidguard, a few versions before I could use redirect mode external url move.
So there i was put... Robson Ferreira
02:32 PM Bug #12691 (Feedback): Support encrypted ``config.xml`` files when restoring during install: Fix merged Jim Pingle
02:09 PM Bug #12691 (In Progress): Support encrypted ``config.xml`` files when restoring during install: This introduced a syntax error. Fix incoming. Jim Pingle
09:22 AM Bug #13140: Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: Michael Mercier wrote in #note-1:
> At lease one other thing I have noticed while trying to debug the issue:
>
> ... Jim Pingle
09:21 AM Bug #13140 (Not a Bug): Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: No worries, there were recent changes in that code so it was entirely possible there was a gremlin lurking there. Gla... Jim Pingle
09:19 AM Bug #13140: Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: Ahh... see output below.
So the end result of all this is that *I* put the wrong IP entries in the Cisco-AVPair res... Michael Mercier
09:03 AM Bug #13140: Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: I suspect it's using a table to simplify those last few and you aren't dumping the contents like it expects:
Try:
... Jim Pingle
08:46 AM Bug #13140: Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: Output below, if there is something additional you need please let me know.... Michael Mercier
08:31 AM Bug #13140: Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: Please show the actual contents of the rules file and the contents of the `pfctl` output for the anchor. You can subs... Jim Pingle
07:57 AM Bug #13140: Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: As I do a little more digging...
Once a user who is not receiving the correct rules has connected, from the command ... Michael Mercier
07:05 AM Bug #13140: Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: At lease one other thing I have noticed while trying to debug the issue:
# The file(s) containing the 'route' opti... Michael Mercier
06:54 AM Bug #13140 (Not a Bug): Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: pfSense+ version 22.01 on Netgate 7100 1u
I have run into an issue where users connecting to OpenVPN using a RADIU... Michael Mercier
08:29 AM Bug #13139 (Pull Request Review): Stale ``sshdkeys.dirty`` lock file prevents generating SSH server keys: Jim Pingle
07:56 AM Regression #13134 (Pull Request Review): PHP error when releasing DHCP lease: Jim Pingle
06:59 AM Regression #13026: Limiters do not work: It's being suggested in #9263 to apply the limiter on the LAN interface as a workaround. I guess that wouldn't work w... → luckman212
05:51 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP: Viktor Gurov wrote in #note-13:
> Merged:
> https://github.com/pfsense/pfsense/commit/6c98abd379b9222824ba8465c3825... D D
01:48 AM Bug #9263: Incorrect ICMP reply when using limiters: Marcos Mendoza wrote in #note-7:
> On 22.05, this seems to only happen when applying limiters on the WAN interface r... Tomasz K.

05/08/2022

03:42 PM Revision 6292f557: Add default value to $ipv6type argument of restart_interface_services(). Fixes #13134: Viktor Gurov
03:07 PM Bug #9024: Ping packet loss under load when using limiters: Potential workaround: https://redmine.pfsense.org/issues/9263#note-7 Marcos M
03:05 PM Bug #9263: Incorrect ICMP reply when using limiters: On 22.05, this seems to only happen when applying limiters on the WAN interface rather than the LAN interfaces. For e... Marcos M
05:20 AM Revision ef16abd8: add option to restore dashboard widget layout: → luckman212
04:50 AM Bug #13139: Stale ``sshdkeys.dirty`` lock file prevents generating SSH server keys: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/771 Viktor Gurov
04:46 AM Bug #13139 (Resolved): Stale ``sshdkeys.dirty`` lock file prevents generating SSH server keys: In some rare cases (backup/restore related?) /etc/sshd unable to generate new keys because of dirty subsystem lock fi... Viktor Gurov
03:43 AM Revision 22adbe09: fix for https://redmine.pfsense.org/issues/13127: → luckman212
02:36 AM Feature #4259: Port forward NAT rules with "any" protocol: Alhusein Zawi wrote in #note-15:
> Error:
>
> There were error(s) loading the rules: /tmp/rules.debug:166: syntax... Viktor Gurov
02:08 AM Bug #12610 (Duplicate): Dynamic DNS services are restarted at every rc.newwanip event, regardless of whether the IP is changed or not: Duplicate of #9506 Viktor Gurov
02:08 AM Bug #9506 (Duplicate): Dynamic DNS update notification sent even if IP address didn't change: Duplicate of #9506 Viktor Gurov
01:55 AM Bug #11629 (Feedback): PPPoE WAN IP address different than expected when set static by ISP: Merged:
https://github.com/pfsense/pfsense/commit/6c98abd379b9222824ba8465c38253d6bd6f5253 Viktor Gurov
01:50 AM pfSense Packages Feature #13135: Add dibdot DoH-IP-blocklists feeds: https://github.com/pfsense/FreeBSD-ports/pull/1165 Viktor Gurov
01:18 AM Regression #13134: PHP error when releasing DHCP lease: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/770 Viktor Gurov

05/07/2022

09:52 PM Regression #12827: High latency and packet loss during a filter reload: Hello,
Can we please get an update on this and what needs to be tested before release? Kris Phillips
09:45 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Unfortunately, it seems that with the May 6th build of 22.05 netgraph is still broken for VLAN0 tagged DHCP traffic. ... Kris Phillips
09:24 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Fix to the script here resolves the ngeth interface issue since they are already part of netgraph:
https://github.co... Kris Phillips
02:17 PM Revision 6c98abd3: Cleanup PPPoE VIPs to fix IP address order. Issue #11629: Viktor Gurov
02:15 PM Revision d8a87019: Remove topology keyword from openvpn_cc file. Fixes #13133: Marcos M
01:42 PM Feature #4259: Port forward NAT rules with "any" protocol: Error:
There were error(s) loading the rules: /tmp/rules.debug:166: syntax error - The line in question reads [1... Alhusein Zawi
12:33 PM pfSense Docs New Content #12597: How to reset IPMI settings and password for Netgate appliances: Commit adding IPMI password reset steps to the current reference page which appears in the 1537 and 1541 documentatio... Chris W
09:25 AM Bug #13133 (Feedback): OpenVPN ``client-connect`` file contains ``topology``: Applied in changeset commit:d8a8701961cf58e6232c4f6bff550936d985dc0f. Marcos M
08:38 AM Regression #13126 (Resolved): NAT rules are not saving properly, they are losing the `local-port` value: Tested:... Danilo Zrenjanin
02:52 AM pfSense Packages Feature #13138 (New): DNS over HTTPS/TLS Blocking should be removed from SafeSearch: Currently there is an option for DNS over HTTPS/TLS Blocking located
Firewall --> pfBlockerNG --> DNSBL --> DNSBL ... Jon Brown
02:39 AM pfSense Packages Feature #13137 (New): ckuethe/doh-blocklist.txt add to DoH feeds: This Gist is a list of DoH servers scraped from https://github.com/curl/curl/wiki/DNS-over-HTTPS which is referenced ... Jon Brown
02:27 AM pfSense Packages Feature #13136 (New): Add crypt0rr DNS-over-HTTPS (DOH) provider list feeds: A simple list with public DNS-over-HTTPS (DOH) providers so you can easily block them.
* The list is based on DNS ... Jon Brown
02:18 AM pfSense Packages Feature #13135 (Resolved): Add dibdot DoH-IP-blocklists feeds: This is a large list of DoH servers and the list has been recently updated.
GitHub Repo: https://github.com/dibdo... Jon Brown

05/06/2022

06:04 PM Regression #13026: Limiters do not work: Using floating match rules as originally described, limiters do not yet work for me in either out/in direction. I am ... Marcos M
05:31 PM Revision f2c2a2b4: OpenVPN status improvements. Implements #13129: * Clean up and improve client/p2p state interpretation
* Output OpenVPN instance interface names
* Improve formatting... Jim Pingle
05:23 PM Revision 3f479ecb: Revert "Revert "Remove the leftover pfSense-installer repo if it exists"": This reverts commit ae40f82dc7bdc2cbef8a22ee682ec97e5a69fbd8.
Bring this back in now the build puts the file in /tmp... Brad Davis
05:04 PM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: We replicated this on a customer firewall using Cloudflare dyndns.
At boot the client comes up correctly and shows... Steve Wheeler
02:38 PM Revision 795e6194: Use dnctl(8) to control limiter rules. Feature #12579: Viktor Gurov
02:38 PM pfSense Packages Feature #13063 (Pull Request Review): Improve modem support: Jim Pingle
02:59 AM pfSense Packages Feature #13063: Improve modem support: One more update to provide full support for Quectel EC25 and ensure compatibility with more candidate modems by utili... Konstantinos Kondylis
02:36 PM Bug #11629 (Pull Request Review): PPPoE WAN IP address different than expected when set static by ISP: Jim Pingle
06:02 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP: Dan Rice wrote in #note-10:
> We still have this issue and as a workaround (to present out Public IP as something els... Viktor Gurov
03:25 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP: We still have this issue and as a workaround (to present out Public IP as something else) we setup an Outbound NAT ma... Dan Rice
12:40 PM Todo #13129 (Feedback): OpenVPN status page improvements: Applied in changeset commit:f2c2a2b4131841b0b26d154742ef890708a7946c. Jim Pingle
12:08 PM Regression #13134 (Resolved): PHP error when releasing DHCP lease: Go to @Status / Interfaces@ and click @Release <interface>@
> Fatal error: Uncaught ArgumentCountError: Too few argu... Marcos M
10:51 AM Bug #12579 (Feedback): Utilize ``dnctl(8)`` to apply limiter changes without a filter reload: Merged:
https://github.com/pfsense/pfsense/commit/795e61945b92495507d17d8f2aa4795a26fd3876 Viktor Gurov
06:07 AM Revision 1e4911dc: Remove duplicate SSHDATA tag. Fixes #13132: Viktor Gurov
01:59 AM Bug #13131: Mobile IPsec clients cannot be manually disconnected from IPsec status screen: !clipboard-202205060857-lyees.png!
It is clients (roadwarriors) using IKEv2 with PSKs
I added a snapshot more. ... Lars Pedersen
01:15 AM Bug #13132 (Feedback): Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore: Applied in changeset commit:1e4911dcb05d66e84dbc21047435b2abb44377ac. Viktor Gurov

05/02/2022

08:44 PM Revision ef267412: more spelling fixes: Kris Anderson
08:42 PM Revision 0a30410b: more accurate error message: Kris Anderson
08:37 PM Revision 39414efc: fix a spelling mistake: Kris Anderson
08:23 PM Revision 635e5b9d: max dhcp lease can be equal to the default lease: Kris Anderson
08:18 PM Bug #13121 (Rejected): Interfaces Groups not restoring after restoring from backup: Interfaces Groups not restored after restoring from backup: Interfaces restored but Interfaces groups - not.
But M... Sergei Shablovsky
08:12 PM Bug #13120 (Rejected): Widgets on Dashboard not restoring after restoring from backup: Widgets on Dashboard (it’s name, position on Dashboard and numbers of columns in Dashboard) not restoring after resto... Sergei Shablovsky
03:47 PM Feature #13118: Relax DHCP maximum lease time input validation: Offstage Roller wrote:
> Forum thread:
> https://forum.netgate.com/topic/171808/the-maximum-lease-time-must-be-at-l... Offstage Roller
03:32 PM Feature #13118 (Resolved): Relax DHCP maximum lease time input validation: Forum thread:
https://forum.netgate.com/topic/171808/the-maximum-lease-time-must-be-at-least-60-seconds-and-higher-t... Offstage Roller
03:44 PM pfSense Packages Bug #13119: Problem with the visibility of the Squid Proxy Server submenu: I have the squid package installed, but Squid Proxy Server does not appear in my Services menu
How can i solve this ... Jorge Fernando Valdes
03:41 PM pfSense Packages Bug #13119 (Not a Bug): Problem with the visibility of the Squid Proxy Server submenu: I have the squid package installed, but Squid Proxy Server does not appear in my Services menu
How can i solve this ... Jorge Fernando Valdes
03:38 PM pfSense Packages Bug #13114: BIND calls rndc in rc_stop when named is not running: https://github.com/pfsense/FreeBSD-ports/pull/1163 Stuart Wyatt
03:38 PM pfSense Packages Bug #13113: BIND widget uses old/bad path to .conf file: https://github.com/pfsense/FreeBSD-ports/pull/1163
Stuart Wyatt
03:34 PM Revision 76569401: Improve OpenVPN "tls-client"/"pull". Fixes #13116: "tls-client" and "client" are redundant, so only use "tls-client" and
"pull". Omit "pull" in cases where it is known ... Jim Pingle
02:07 PM Bug #12796 (Confirmed): 2.5.2 -> 2.6.0 upgrade segfaults if certain packages are installed.: This error is still happening. Just worked with a customer facing this issue while attempting to upgrade. Christopher Cope
12:49 PM Bug #13116: OpenVPN client ``tls-client``/``client`` configuration directive not handled properly: The @route-nopull@ option is harmless in this case. If it is present without @pull@ it does nothing, doesn't even log... Jim Pingle
11:39 AM Bug #13116: OpenVPN client ``tls-client``/``client`` configuration directive not handled properly: Does this need to take into account the `route-no-pull` option? Marcos M
10:45 AM Bug #13116 (Feedback): OpenVPN client ``tls-client``/``client`` configuration directive not handled properly: Applied in changeset commit:7656940124d108194df34ec0793ac1263aaabf23. Jim Pingle
10:04 AM Bug #13116 (Resolved): OpenVPN client ``tls-client``/``client`` configuration directive not handled properly: There are a few problems with how we currently build a client configuration using the @tls-client@ and @client@ direc... Jim Pingle
12:47 PM Regression #13117: pfBlockerNG DNSBL unbound python mode prevents deletion of OpenVPN server and client configurations: It seems the issue described initially is a symptom of a race condition with writing the configuration. Still investi... Marcos M
11:50 AM Regression #13117 (Resolved): pfBlockerNG DNSBL unbound python mode prevents deletion of OpenVPN server and client configurations: Issue exists on @22.05.a.20220429.1807@.
Issue not present on @22.05.a.20220426.1313@.
If DNS Resolver has @Enabl... Marcos M
12:09 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Kris Phillips wrote in #note-11:
> Hayden Hill wrote in #note-10:
> > Kris Phillips wrote in #note-9:
> > > Comman... Hayden Hill
09:45 AM pfSense Packages Bug #13115 (Resolved): WireGuard panic due to KBI changes in ```udp_tun_func_t()```: Reference: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263297
We will need to cherry pick whatever solution ... Christian McDonald
08:31 AM Feature #12982: Add support for RFC7499 in RADIUS library.: I've looked at the RADIUS code we have but didn't see anything that would suggest any kind of limit. I also briefly l... Jim Pingle
08:00 AM Regression #13111 (Duplicate): when saving NAT rule using a port alias, strstr() expects at least 2 parameters, 1 given in /usr/local/pfSense/include/www/firewall_nat.inc error: This is already covered on #4259 (see the comments later in the issue) Jim Pingle
07:59 AM Feature #9393 (New): Improved support for USB interfaces that may not always be present: Jordan Greene wrote in #note-8:
> Tested on 22.05.a.20220429.1807 by adding USB NIC, enabling it and setting a stati... Jim Pingle
07:57 AM Bug #13110: changing CARP VIP address does not update outbound NAT interface IP: This isn't necessarily going to be desirable or helpful. The two are not necessarily related even if they share the a... Jim Pingle

05/01/2022

09:48 PM pfSense Packages Bug #13114 (Resolved): BIND calls rndc in rc_stop when named is not running: rc_stop does not check for named running before calling rndc. rndc will timeout/fail if named is not running. Stuart Wyatt
09:47 PM pfSense Packages Bug #13113 (Resolved): BIND widget uses old/bad path to .conf file: The BIND widget uses the old/bad path to the .conf file.
/cf/ should be /var/etc/
Stuart Wyatt
07:32 PM Regression #13026: Limiters do not work: Tested on @22.05.a.20220429.1807@ with patch from #12579 applied. Same issue/results. Marcos M
06:47 PM Regression #13112 (Pull Request Review): PHP warning from ``unlink()`` function calls when files do not exist: Marcos M
06:47 PM Regression #13112: PHP warning from ``unlink()`` function calls when files do not exist: Relevant commit: https://gitlab.netgate.com/pfSense/pfSense/-/commit/583062bfd019ce6b41062456adb594d5a37f6ec3
I ha... Marcos M
06:37 PM Regression #13112 (Resolved): PHP warning from ``unlink()`` function calls when files do not exist: On 22.05 after reboot, the following php crash report appeared:... Marcos M
03:36 PM pfSense Packages Bug #11575 (Resolved): OpenVPN clients cannot pass traffic when reconnecting using the same source port: Viktor Gurov
01:19 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: Checked on 22.01 release and openvpn-client-export 1.6_4 version. The nobind is presented in exported config by default. aleksei prokofiev
12:25 PM Feature #12982: Add support for RFC7499 in RADIUS library.: Yes, you are correct, 10.1.10.50 is pfSense and 10.1.10.207 is MySQL which provide the table for the FreeRadius on pf... Frank Lee
11:31 AM Feature #12982: Add support for RFC7499 in RADIUS library.: Note: removed potentially sensitive info from comment.
Thanks for the test. I presume 10.1.10.50 is pfSense and 10... Marcos M
10:18 AM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Hayden Hill wrote in #note-10:
> Kris Phillips wrote in #note-9:
> > Command I was trying to run manually after I n... Kris Phillips
01:48 AM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Kris Phillips wrote in #note-9:
> Command I was trying to run manually after I noticed it failing:
>
> /usr/loca... Hayden Hill

04/30/2022

10:55 PM Regression #13111: when saving NAT rule using a port alias, strstr() expects at least 2 parameters, 1 given in /usr/local/pfSense/include/www/firewall_nat.inc error: actually it looks like @vktg already fixed this in this commit: https://github.com/pfsense/pfsense/commit/1aa4beab67d... → luckman212
10:46 PM Regression #13111: when saving NAT rule using a port alias, strstr() expects at least 2 parameters, 1 given in /usr/local/pfSense/include/www/firewall_nat.inc error: ... → luckman212
09:38 PM Regression #13111 (Duplicate): when saving NAT rule using a port alias, strstr() expects at least 2 parameters, 1 given in /usr/local/pfSense/include/www/firewall_nat.inc error: sorry for the terse bugreport, but I am onsite at a client at 10:30pm and desperately trying to get this HA pair of N... → luckman212
09:05 PM Regression #12827: High latency and packet loss during a filter reload: Mateusz Guzik wrote in #note-21:
> Huh, apologies for lack of updates.
>
> The issue is largely fixed for over 3 ... Kris Phillips
09:00 PM pfSense Plus Bug #12974: Typing anything into 1100/2100 recovery installer causes process to stop: Ryan Coleman wrote in #note-4:
> Kris Phillips wrote in #note-3:
> > Ryan Coleman wrote in #note-2:
> > > Kris P... Kris Phillips
08:44 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Command I was trying to run manually after I noticed it failing:
/usr/local/bin/php -r "pfSense_ngctl_attach('.',... Kris Phillips
08:42 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Tested pfatt on 22.05 April 29th build and getting the following crash report:
Fatal error: Uncaught Error: Call t... Kris Phillips
05:57 PM Feature #9393: Improved support for USB interfaces that may not always be present: Tested on 22.05.a.20220429.1807 by adding USB NIC, enabling it and setting a static IP. Rebooted system and removed U... Jordan G
05:26 PM Feature #12931 (Resolved): Retain knowledge of previous dynamic gateway IP address when interface is down: /tmp/em2_router.last was created after disabling the interface (proxmox) and it contains previous dynamic gateway I... Alhusein Zawi
04:50 PM Bug #11226 (Resolved): IPsec VTI phase 2 traffic selectors default to address when defined as a network: Alhusein Zawi
01:19 PM Bug #13110 (New): changing CARP VIP address does not update outbound NAT interface IP: In my testing, on a 2 node HA cluster running 22.05.a.20220426.1313, if you change the Virtual IP, it is properly syn... → luckman212
12:51 PM Bug #12727 (Resolved): Renaming an alias does not update the alias names in static routes and OpenVPN instances: working as expected
2.7.0.a.20220426.0600
Alhusein Zawi

04/29/2022

06:20 PM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: The subject is incorrect.
As stated in the TAC, after further analyzing additional cases it became clear that the du... David G
03:09 PM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: Updating subject for release notes. Jim Pingle
07:45 AM Bug #13092 (Feedback): PPPoE WANs fail to reconnect after parameter negotiation failure: Applied in changeset commit:75363ea828a165b14de9c8e750a92378ecb4acbf. Viktor Gurov
07:27 AM Bug #13092 (Pull Request Review): PPPoE WANs fail to reconnect after parameter negotiation failure: Jim Pingle
01:38 AM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: David G wrote in #note-6:
> The reported issue is known. The workaround is to add the following config.
>
> set b... Viktor Gurov
05:56 PM Revision 978ea085: pfSense: Utilize pf captiveportal funcs from php-pfSense - Feature #12945: linnemannr
03:49 PM Bug #6253 (Resolved): Firewall log widget action icon features stop working when new log entries are added dynamically: Tested and working as expected on... Christopher Cope
03:07 PM Bug #13083: Slack notification options only allow ``-`` as a special character in channel names: Updating subject for release notes. Jim Pingle
03:05 PM Bug #13099: Static routes to destinations at L2TP clients are not re-added after a client reconnects: Updating subject for release notes. Jim Pingle
03:03 PM Bug #12606: ``devd`` is not configured to act on USB interface attach/detach events: Updating subject for release notes. Jim Pingle
03:02 PM Feature #9393: Improved support for USB interfaces that may not always be present: Updating subject for release notes. Jim Pingle
03:00 PM Bug #12645: ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes: Updating subject for release notes. Jim Pingle
02:58 PM Bug #13097: PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: Updating subject for release notes. Jim Pingle
02:34 PM Feature #12982: Add support for RFC7499 in RADIUS library.: Hello,
the support tech told me you guys wanted a packet capture. I assume that you need packet capture between the... Frank Lee
11:44 AM Bug #13102 (Resolved): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Viktor Gurov
08:33 AM Bug #13102: Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: tested on
22.05-DEVELOPMENT (amd64)
built on Fri Apr 22 06:22:18 UTC 2022
FreeBSD 12.3-STABLE
bug reproduced, pictu... Georgiy Tyutyunnik
06:36 AM Revision 75363ea8: Use mpd embedded bandwidth control to reconnect. Fixes #13092: Viktor Gurov
12:06 AM Regression #12834: Only TCP traffic is passed outbound through IPFW: Sorry Sir I duplicate the "Ipfw table all list" of after enabling the Captive Portal and the before enabling captive ... Aspiring Network Admin

04/28/2022

10:54 PM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: The reported issue is known. The workaround is to add the following config.
set bundle period 6
set bundle lowat 0
s... David G
07:28 PM Bug #13092 (New): PPPoE WANs fail to reconnect after parameter negotiation failure: 'noretry' is no longer a valid bundle option in mpd5.... Steve Wheeler
07:58 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: Hi Sir Reid thank you for the reply. This is my ipfw list and ipfw table all list before and after enabling and loggi... Aspiring Network Admin
03:24 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: Aspiring Network Admin wrote in #note-13:
> Hi Sir may I ask if you already fixed this problem that you have on your... Reid Linnemann
05:59 PM Revision 94151cf2: store dnsmasq custom_options as base64: → luckman212
05:50 PM Revision 8dffcfd3: trim mac address when submitting: eases copy & paste which sometimes grabs a little extra whitespace
on either end -- previously caused input validatio... → luckman212
02:22 PM Feature #13109 (Pull Request Review): Trim whitespace from MAC addresses in user input: Jim Pingle
12:56 PM Feature #13109: Trim whitespace from MAC addresses in user input: PR: https://github.com/pfsense/pfsense/pull/4580 → luckman212
12:55 PM Feature #13109 (Resolved): Trim whitespace from MAC addresses in user input: Small patch to trim MAC address input on POST.
This eases copy & paste which sometimes grabs a little extra whites... → luckman212
01:53 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name: Ondrej Sala wrote in #note-39:
> bump
> 11 years later and still no fix?
Allistah F wrote in #note-40:
> I just ran ... xander bron
01:17 PM Revision d90552c5: Destroy deleted/disabled IPsec SA. Fixes #13102: Viktor Gurov
12:44 PM Bug #13105 (Pull Request Review): DNS Forwarder custom options may fail after save/restore when options are only separated by newline: Jim Pingle
10:50 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: @jimp I submitted a PR: https://github.com/pfsense/pfsense/pull/4579 → luckman212
08:37 AM Feature #4259 (Feedback): Port forward NAT rules with "any" protocol: Merged:
https://github.com/pfsense/pfsense/commit/1aa4beab67da79d69df094771a4317279318227d Viktor Gurov
07:19 AM Feature #4259 (Pull Request Review): Port forward NAT rules with "any" protocol: Jim Pingle
02:57 AM Feature #4259: Port forward NAT rules with "any" protocol: Jim Pingle wrote in #note-11:
> This is causing a PHP error:
>
> [...]
fix:
https://gitlab.netgate.com/pfSens... Viktor Gurov
08:30 AM Bug #13102 (Feedback): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Applied in changeset commit:d90552c59e51fb13c712b6a96a51ca2462424156. Viktor Gurov
08:29 AM pfSense Packages Bug #13104 (Feedback): BIND: Unable to fetch namd root file: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/3bc9ac8e64ba744212eda05ba190e544ef6d2d40 Viktor Gurov
07:13 AM pfSense Packages Bug #13104 (Pull Request Review): BIND: Unable to fetch namd root file: Jim Pingle
07:08 AM pfSense Packages Bug #13104: BIND: Unable to fetch namd root file: This corrects it in my test box. named starts at boot without error with that patch applied.
Steve Wheeler
03:37 AM pfSense Packages Bug #13104: BIND: Unable to fetch namd root file: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/224 Viktor Gurov
07:56 AM Revision 1aa4beab: Port Forward input validation fix. Issue #4259: Viktor Gurov
02:43 AM Bug #12649 (Feedback): Allowed IP/Hostname "Direction" option is never used: Implemented in #13100 Viktor Gurov

04/27/2022

09:34 PM Revision ad2a86ea: Captive Portal remove unused ipfw code. Todo #13100: Viktor Gurov
09:09 PM Revision 7c2468c5: Captive Portal ipfw->pf transition. Todo #13100: Viktor Gurov
08:50 PM Bug #13076: Marking a gateway as down does not affect IPsec entries using gateway groups: Tested on @22.05.a.20220426.1313@.
On a VTI P2 with keepalive checked and the P1 using a gateway group, I marked t... Marcos M
05:26 PM Revision a32a9530: add warning for menu option 14 when it might kill your connection: → luckman212
04:35 PM Todo #13100: Transition Captive Portal from IPFW to PF: remove unused ipfw code:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/751 Viktor Gurov
07:51 AM Todo #13100: Transition Captive Portal from IPFW to PF: see also:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/220 Viktor Gurov
03:57 PM pfSense Packages Bug #12933 (Resolved): Vulnerability in ClamAV Engine Used by Squid: pfSense 22.05 and pfSense-pkg-squid-0.4.45_8 uses clamav @0.104.2,1@ which is not affected. Marcos M
03:18 PM pfSense Docs Todo #13108: ZFS filesystem implications: This isn't a recent change in ZFS, as the /cf/conf dataset has been configured with the @exec@ property set to @off@ ... Jim Pingle
01:05 PM pfSense Docs Todo #13108 (Rejected): ZFS filesystem implications: One of the recent file system changes to the default ZFS install was to mount some things as 'noexec'.
This includes... Steve Wheeler
03:10 PM Revision 37e06c12: Fix error handling in pfanchordrill. Fixes #13106: Jim Pingle
02:51 PM Bug #13102 (Pull Request Review): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Jim Pingle
02:36 PM Bug #13102: Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/750 Viktor Gurov
06:47 AM Bug #13102 (Confirmed): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Viktor Gurov
02:26 PM pfSense Docs Correction #13107 (Resolved): Blacklists need to be revisited: Removed links to MESD and Shalla, both seem to be dead. Shalla shut down, the MESD link times out and never loads. I ... Jim Pingle
12:14 PM pfSense Docs Correction #13107 (Resolved): Blacklists need to be revisited: https://docs.netgate.com/pfsense/en/latest/packages/cache-proxy/squidguard.html#blacklist
Shallalist is dead, for ... Chris Linstruth
12:37 PM Revision 085ff94b: USB NIC handling improvements. Fixes #12606 #9393: Viktor Gurov
11:41 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: → luckman212 wrote in #note-8:
> Oh great idea! Only downside is losing the ability to see the data when directly vi... Jim Pingle
11:37 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: Oh great idea! Only downside is losing the ability to see the data when directly viewing the XML, but that's a very m... → luckman212
10:37 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: A reboot or restore couldn't "corrupt" this. A reboot doesn't alter the configuration. It could only change on save.
... Jim Pingle
10:31 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: @jimp As far as I can tell from looking at the code (and my experience as well) it only validates on SAVE, but not wh... → luckman212
09:35 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: → luckman212 wrote in #note-4:
> 2 other possible workarounds:
> - have each custom option in its own row, with an ... Jim Pingle
08:20 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: 2 other possible workarounds:
- have each custom option in its own row, with an "add row" button UI similar to def... → luckman212
07:39 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: The inconsistent handling of newlines in text boxes in browsers is one of the reasons the OpenVPN advanced options in... Jim Pingle
10:47 AM Feature #4259 (New): Port forward NAT rules with "any" protocol: This is causing a PHP error:... Jim Pingle
10:20 AM Regression #13106 (Feedback): ``pfanchordrill`` treating errors as anchor names: Applied in changeset commit:37e06c12873a4d5439dda3349e124d55b19cd3d0. Jim Pingle
10:09 AM Regression #13106 (Resolved): ``pfanchordrill`` treating errors as anchor names: The @pfanchordrill@ PHP playback script parses the output of the pf anchor list and uses it to recurse to find nested... Jim Pingle
08:35 AM pfSense Packages Bug #13098 (Feedback): HAProxy Virtual IP broken link under Frontend setup: PR has been merged.
Thank You!
https://github.com/pfsense/FreeBSD-ports/pull/1160/commits/d32312de35cecd94a77295... Viktor Gurov
07:33 AM pfSense Packages Bug #13098: HAProxy Virtual IP broken link under Frontend setup: Pull Request: https://github.com/pfsense/FreeBSD-ports/pull/1160 Chris Gunther
07:50 AM Feature #9393: Improved support for USB interfaces that may not always be present: Applied in changeset commit:085ff94b11a8f0f9eea7aaf0d1d2ff8347710d9c. Viktor Gurov
07:49 AM Feature #9393 (Feedback): Improved support for USB interfaces that may not always be present: Merged:
https://github.com/pfsense/pfsense/commit/085ff94b11a8f0f9eea7aaf0d1d2ff8347710d9c Viktor Gurov
07:50 AM Bug #12606: ``devd`` is not configured to act on USB interface attach/detach events: Applied in changeset commit:085ff94b11a8f0f9eea7aaf0d1d2ff8347710d9c. Viktor Gurov
07:49 AM Bug #12606 (Feedback): ``devd`` is not configured to act on USB interface attach/detach events: Merged:
https://github.com/pfsense/pfsense/commit/085ff94b11a8f0f9eea7aaf0d1d2ff8347710d9c Viktor Gurov
07:40 AM Bug #12645 (Feedback): ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes: Merged:
https://github.com/pfsense/pfsense/commit/95d74811193b4be8eb515b5dd13e963971f8de57 Viktor Gurov
06:32 AM Todo #12601 (Closed): Optimize fw rules load on boot: We need to run "pf" before DNS Resolver and other services so that they can work properly.
see 6103#note-2 for examp... Viktor Gurov
04:46 AM pfSense Packages Feature #12963: Run nmap scans in the background: Tested the package against:... Danilo Zrenjanin
04:20 AM Feature #13103: Warn the user if they attempt to disable SSH from the menu while connected through SSH: I tested the commit. It is pretty helpful and works as expected. Danilo Zrenjanin
04:07 AM pfSense Packages Bug #12891 (Resolved): Trailing space in Acme Account Keys "name" breaks UI functions: I tested against the 0.7.1_1 Acme version. It works as expected. I could edit, remove, and copy the account key with ... Danilo Zrenjanin
03:07 AM Bug #13086 (Resolved): Traffic shaper wizard rewrites Mbits to Kbits: Tested against the version below:... Danilo Zrenjanin
01:23 AM Bug #13083 (Resolved): Slack notification options only allow ``-`` as a special character in channel names: Tested against the version below:... Danilo Zrenjanin
01:14 AM Feature #2456 (Resolved): Option to choose default tab in IPsec status Dashboard widget: Tested against the version below:... Danilo Zrenjanin

04/26/2022

09:38 PM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: The OP's original concern also pops up when using a single physical WAN with multiple PPPoE sessions. Some ISPs allo... Kristopher Kolpin
09:04 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: Hi Sir may I ask if you already fixed this problem that you have on your Captive Portal? We have the same problem and... Aspiring Network Admin
07:16 PM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: (I recently experienced this on 22.05 snaps, btw) → luckman212
07:14 PM Bug #13105 (Resolved): DNS Forwarder custom options may fail after save/restore when options are only separated by newline: Sometimes when saving DNS Forwarder (dnsmasq) config, the custom options data gets mangled (a newline is lost, so 2 c... → luckman212
06:52 PM pfSense Packages Bug #13104 (Resolved): BIND: Unable to fetch namd root file: Throws php error:... Steve Wheeler
06:41 PM Feature #13103: Warn the user if they attempt to disable SSH from the menu while connected through SSH: PR: https://github.com/pfsense/pfsense/pull/4578 → luckman212
06:40 PM Feature #13103 (Resolved): Warn the user if they attempt to disable SSH from the menu while connected through SSH: Believe it or not, I fat fingered "13" the other day and typed "14" instead when connected via SSH ... and hit "y" wh... → luckman212
04:27 PM Bug #13102 (New): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: * Running 22.05.a.20220426.1313 on a Netgate 6100
* Not sure if this is a regression in 22.05 or an old bug.
Toda... → luckman212
04:19 PM Revision 1c04a6d4: Reload static routes on L2TP VPN client connect. Fixes #13099: Viktor Gurov
03:21 PM Revision 9dc881fd: Update config 215 to 216 fix. Issue #13097: Christopher Cope
03:08 PM Todo #13100: Transition Captive Portal from IPFW to PF: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/748 Viktor Gurov
12:33 PM Todo #13100 (Resolved): Transition Captive Portal from IPFW to PF: Implement Captive Portal ipfw->pf transition.
related issues: #12599 #12733 #12579 Viktor Gurov
12:53 PM Bug #13101 (Not a Bug): OpenVPN certificate validation fails: I can't reproduce this. TLS certs work fine as-is without any special changes.
This site is not for support or dia... Jim Pingle
12:47 PM Bug #13101 (Not a Bug): OpenVPN certificate validation fails: OpenVPN fails the validation on a certificate issued by pfSense as CA.
This is the error returned by OpenVPN on Verb... Massimo Vannucci
11:30 AM Bug #13099 (Feedback): Static routes to destinations at L2TP clients are not re-added after a client reconnects: Applied in changeset commit:1c04a6d44e03e2cc175b7af509f8f55eee55be82. Viktor Gurov
10:04 AM Bug #13099 (Pull Request Review): Static routes to destinations at L2TP clients are not re-added after a client reconnects: Jim Pingle
09:42 AM Bug #13099: Static routes to destinations at L2TP clients are not re-added after a client reconnects: original forum topic: https://forum.netgate.com/topic/171700/l2tp-%D1%82%D1%83%D0%BD%D0%BD%D0%B5%D0%BB%D1%8C-%D0%BD%D... Viktor Gurov
08:41 AM Bug #13099: Static routes to destinations at L2TP clients are not re-added after a client reconnects: similar to #10407, but server-side Viktor Gurov
08:40 AM Bug #13099 (Resolved): Static routes to destinations at L2TP clients are not re-added after a client reconnects: How to recreate:
* Create L2TP VPN
* Create a static route to the subnet behind L2TP VPN client
* Disconnect L2TP ... Viktor Gurov
10:22 AM Bug #13097 (Feedback): PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: Fix merged.
New patch attached. Christopher Cope
10:20 AM Revision ddf61d2b: LDAP authentication extended query fix. Issue #13093: Viktor Gurov
08:50 AM pfSense Packages Bug #11693 (Feedback): IPv6 static routing fails: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/095720f390905d462ce94dbb59af405da779acb1 Viktor Gurov
07:26 AM pfSense Packages Bug #11693 (Pull Request Review): IPv6 static routing fails: Jim Pingle
05:49 AM pfSense Packages Bug #11693: IPv6 static routing fails: correct syntax is @ipv6 route fc00:aaaa:bbbb::/64 fe80::290:bff:fe7c:5bb vtnet1@, not @ipv6 route fc00:aaaa:bbbb::/64... Viktor Gurov
07:07 AM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled: . Chris Linstruth
07:06 AM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled: ... Chris Linstruth
05:25 AM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled: I found an issue where the Extended query is always used, regardless of the "Enable extended query" checkbox:
https:... Viktor Gurov

04/25/2022

05:40 PM pfSense Packages Bug #13098 (Resolved): HAProxy Virtual IP broken link under Frontend setup: This was fixed in the haproxy-devel, but not the standard haproxy package under: https://redmine.pfsense.org/issues/1... Chris Gunther
04:23 PM Bug #13097: PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: Attached a patch file with the changes from the merge request for testing. Christopher Cope
04:10 PM Bug #13097 (Pull Request Review): PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/745/ Christopher Cope
01:07 PM Bug #13097: PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: I thought we had a workaround in place for that but I'm not seeing it now.
The function in question could be copie... Jim Pingle
10:27 AM Bug #13097 (Resolved): PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: In function upgrade_215_to_216() in /etc/inc/upgrade_config.inc:6411 there is a call to ipsec_create_vtimap()
This... Christopher Cope
03:10 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name: Jim Pingle wrote in #note-35:
> Fixing this issue is nowhere near as simple as that patch implies. The DHCP server c... Allistah F
03:02 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name: I just ran into this bug and couldn't figure out why this was happening. It's really unfortunate that this is still ... Allistah F
02:20 PM Revision 77fa7b29: Add no noretry to PPPoE mpd configuration. Fixes #13092: Viktor Gurov
02:19 PM Revision 80d6b1ba: Traffic Shaper Wizard bandwidth scale fix. Issue #13086: Viktor Gurov
01:25 PM Revision 7ef24f72: Fix typo. Issue #13076: Viktor Gurov
12:49 PM Bug #4500: UPnP/NAT-PMP status page does not display all port mappings: It's still possible to have multiple problems here. Though it may take some manual fiddling with upnpc and/or gupnp t... Jim Pingle
12:22 PM pfSense Packages Bug #13095 (Feedback): Snort VRT change in Shared Object Rules path name results in failure to extract and update Snort Shared Object Rules when enabled: PR merged, thanks! Jim Pingle
11:40 AM pfSense Packages Bug #13095: Snort VRT change in Shared Object Rules path name results in failure to extract and update Snort Shared Object Rules when enabled: Pull Requests https://github.com/pfsense/FreeBSD-ports/pull/1161 and https://github.com/pfsense/FreeBSD-ports/pull/11... Bill Meeks
09:43 AM pfSense Packages Bug #13095 (Feedback): Snort VRT change in Shared Object Rules path name results in failure to extract and update Snort Shared Object Rules when enabled: Apparently the Snort Vulnerability Research Team recently altered part of the path name inside the Snort Rules Update... Bill Meeks
12:22 PM pfSense Packages Feature #13096 (Feedback): Improve robustness of Snort Rules Update Log size limitation logic: PR merged, thanks! Jim Pingle
11:42 AM pfSense Packages Feature #13096: Improve robustness of Snort Rules Update Log size limitation logic: This feature has been implemented via changes included in Pull Requests https://github.com/pfsense/FreeBSD-ports/pull... Bill Meeks
09:47 AM pfSense Packages Feature #13096 (Feedback): Improve robustness of Snort Rules Update Log size limitation logic: Change the code for truncating the Snort Rules Update Log file when it exceeds the maximum configured size to be more... Bill Meeks
11:50 AM Bug #12691 (Feedback): Support encrypted ``config.xml`` files when restoring during install: Merged:
https://github.com/pfsense/FreeBSD-src/commit/0e4c152b7e44f36e5fbe59ef6a7611f8d50b9e51 Viktor Gurov
08:50 AM Bug #12691 (Pull Request Review): Support encrypted ``config.xml`` files when restoring during install: Jim Pingle
03:00 AM Bug #12691 (New): Support encrypted ``config.xml`` files when restoring during install: Jordan Greene wrote in #note-7:
> was able to successfully load password protected config.xml from flash drive by re... Viktor Gurov
11:45 AM Bug #13076 (Feedback): Marking a gateway as down does not affect IPsec entries using gateway groups: Merged:
https://github.com/pfsense/pfsense/commit/7ef24f72405be1af3e3d82bde4ca572e3462827d Viktor Gurov
08:53 AM Bug #13076 (Pull Request Review): Marking a gateway as down does not affect IPsec entries using gateway groups: Jim Pingle
08:26 AM Bug #13076 (New): Marking a gateway as down does not affect IPsec entries using gateway groups: small typo:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/744 Viktor Gurov
11:44 AM Bug #13086 (Feedback): Traffic shaper wizard rewrites Mbits to Kbits: Merged:
https://github.com/pfsense/pfsense/commit/80d6b1ba38f906b0960dca2c6f95df5cf9fda404 Viktor Gurov
08:50 AM Bug #13086 (Pull Request Review): Traffic shaper wizard rewrites Mbits to Kbits: Jim Pingle
03:41 AM Bug #13086 (New): Traffic shaper wizard rewrites Mbits to Kbits: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/743 Viktor Gurov
09:30 AM Bug #13092 (Feedback): PPPoE WANs fail to reconnect after parameter negotiation failure: Applied in changeset commit:77fa7b2937c0a14fc3d8db3058ff11db9e0210f2. Viktor Gurov
08:49 AM Bug #13092 (Pull Request Review): PPPoE WANs fail to reconnect after parameter negotiation failure: Jim Pingle
02:45 AM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: see also https://forum.netgate.com/topic/37353/pppoe-reconenction-fix-mpd-fix-100
solution:
https://sourceforge.n... Viktor Gurov
08:36 AM Bug #7234 (Closed): ntpd overload during IPsec session without HW acceleration: Jim Pingle
08:35 AM Bug #6611 (Closed): Kernel panic when running PPPoE Server on tun/tap interface: Jim Pingle

04/24/2022

06:06 PM Feature #13094: Allow packet capture filtering in tagged packets: That works for me in all tested cases. Steve Wheeler
05:38 PM Feature #13094 (Pull Request Review): Allow packet capture filtering in tagged packets: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/741
Old behavior:
* No filter specified: vlan packets in... Marcos M
03:03 PM Feature #13094 (Closed): Allow packet capture filtering in tagged packets: Currently the host filtering options in the webgui packet capture do not match VLAN or QinQ tagged traffic.
It wou... Steve Wheeler
11:52 AM Feature #12819 (Resolved): GUI option to configure layers for LACP hash: Viktor Gurov
06:35 AM Feature #12819: GUI option to configure layers for LACP hash: While I agree this is a welcome feature addition it should not matter what the other side supports. This is for trans... Chris Linstruth
06:33 AM Feature #12819: GUI option to configure layers for LACP hash: Ran through the various settings. Looks good. All passed basic pings to another host across the lagg.... Chris Linstruth
11:05 AM Bug #13093 (Feedback): LDAP authentication fails with extended query and RFC2307 group lookups enabled: LDAP authentication fails with extended query and RFC2307 group lookups enabled
h2. With Extended Query On and RFC... Chris Linstruth

04/23/2022

08:57 PM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: I've seen cases when the PPP client stops to retry re-establishing the connection within a minute after the outage st... David G
08:02 PM Bug #13092 (Resolved): PPPoE WANs fail to reconnect after parameter negotiation failure: Opened on behalf of TAC ticket 881570903.
After a six hour ISP outage, the service was restored but pfSense didn't... Chris W
06:09 PM Bug #12691: Support encrypted ``config.xml`` files when restoring during install: was able to successfully load password protected config.xml from flash drive by rerooting from the console menu with ... Jordan G
01:53 PM Bug #7234: ntpd overload during IPsec session without HW acceleration: Testing this on pfSense Plus 22.01, I'm unable to reproduce any NTP CPU locking on a single thread testing with or wi... Kris Phillips
01:49 PM Bug #6611: Kernel panic when running PPPoE Server on tun/tap interface: Since redmine 4510 no longer allows this, this should be marked as resolved. I have verified that OpenVPN interfaces... Kris Phillips
01:46 PM Bug #4500: UPnP/NAT-PMP status page does not display all port mappings: I'm unable to reproduce this on pfSense Plus 22.01 with my UPnP table. I'm assuming that with UI changes since 2.3 t... Kris Phillips
01:41 PM Bug #13003: Malicious Driver Detection event on ``ixl(4)`` driver: Christoph Vieten wrote in #note-2:
> Same happened on 2.6.0 with Intel x710-T4 multiple times now.
> Updating the n... Kris Phillips
12:17 PM Bug #13049 (Resolved): Empty ``negate_networks`` table breaks policy routing rules: Tested in systems which would and would not require negate_networks and it worked as expected. Marcos M
06:20 AM Bug #13048: Explicit PPPoE disconnect of a WAN Gateway Group member may not restore a default route: Can't recreate this issue on 22.01, failover working as expected, and default route changes every time if tier 1 goes... Lev Prokofev
02:52 AM Bug #13086: Traffic shaper wizard rewrites Mbits to Kbits: Yes, I replicated that. It's a minor cosmetic issue.
steps to reproduce:
 1. Run Traffic Shaper Wizards
 2. Cho... Danilo Zrenjanin

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

05/22/2022

05/21/2022

05/20/2022

05/19/2022

05/18/2022

05/17/2022

05/16/2022

05/15/2022

05/14/2022

05/13/2022

05/12/2022

05/11/2022

05/10/2022

05/09/2022

05/08/2022

05/07/2022

05/06/2022

05/05/2022

05/04/2022

05/03/2022

05/02/2022

05/01/2022

04/30/2022

04/29/2022

04/28/2022

04/27/2022

04/26/2022

04/25/2022

04/24/2022

04/23/2022