Activity

30 days up to

User

Subprojects

Activity

From 07/29/2022 to 08/27/2022

08/27/2022

09:15 PM pfSense Packages Bug #13404 (Not a Bug): LDAP authentication does not working: Ettore Caprella wrote in #note-3:
> Hello,
> yes, I can't find the right options that allow me to configure ldap auth... Kris Phillips
08:54 PM pfSense Packages Bug #13432: ups driver will not start: Scott Lampert wrote in #note-3:
> It seems to be the same as this issue: https://redmine.pfsense.org/issues/9849
> ... Kris Phillips
08:53 PM pfSense Packages Bug #13444: zabbix_proxy : cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied: Hello Steve,
Which version of the Zabbix package are you seeing this behavior? There are several. Kris Phillips
08:52 PM Bug #13447: Double Nmap and NMap entries in Diagnostics menu: Hello Sean,
I installed the NMap package and am unable to reproduce this issue. Likely your config has two menu i... Kris Phillips
08:49 PM Bug #13449: Wrong logging if ICMP "Port unreachable": Hello Johannes,
Are you viewing the filter.log file, viewing syslog data, or something else here? I'm looking at ... Kris Phillips
08:43 PM Bug #13267: dpinger continues to run on OpenVPN gateway after OpenVPN service is stopped.: I can confirm this behavior. Running a pcap on the current default gateway will show traffic from the OpenVPN client... Kris Phillips
02:30 PM Bug #13267: dpinger continues to run on OpenVPN gateway after OpenVPN service is stopped.: Does it mean to stop openvpn service or disabling the openvpn client?
> # Stop the OpenVPN client
If I try ... Alhusein Zawi
08:39 PM Revision 5f9666a1: Remove IPv6 validation for RADIUS auth. Fixes #4154: R. Christian McDonald
06:31 PM pfSense Docs Todo #13452: Add a one line command for Windows Command Prompt to return an installer's SHA256 checksum: Merge request:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/50 Chris W
06:30 PM pfSense Docs Todo #13452 (Closed): Add a one line command for Windows Command Prompt to return an installer's SHA256 checksum: Currently we link to the Github page of OpenHashTab, which of course is an .exe which must be downloaded and installe... Chris W
06:30 PM pfSense Packages Feature #9852: show File-Store directory listing: new 'Files' submenu available on Suricata 6.0.6 - looks good Jordan G
06:13 PM pfSense Packages Bug #12423: Dashboard shows "SQLite database missing, Force Reload DNSBL to recover!": current version is 3.1.0_4 so it should be included - I have not hit this on that release, please update if you're st... Jordan G
05:56 PM pfSense Packages Bug #10692: PIMD starts twice at boot: still seeing this start 2x on 22.05 following reboot Jordan G
04:07 PM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key: Denis Grilli wrote in #note-13:
> Could you tell in more detail what is your use scenario? From the error you are ge... Charles Sprickman
09:56 AM Bug #13308: The ``negate_networks`` table is duplicated in ``rules.debug``: Patch is working
Before
!clipboard-202208271755-qch1c.png!
After
!clipboard-202208271756-tznw4.png!
Lev Prokofev
08:10 AM Regression #13167 (Resolved): DigitalOcean Dynamic DNS update fails with a "bad request" error: I can confirm it works as expected.
Tested against:... Danilo Zrenjanin
04:42 AM pfSense Packages Bug #13451 (New): Update the Default Router ID help text link under FRR Global Setting: The Wikipedia link directs to the OSPF Wiki page. Since this is the Global FRR settings page it has more sense to cha... Danilo Zrenjanin

08/26/2022

06:02 PM Revision 0c93b91a: Upgrade to php81: Brad Davis
05:09 PM Revision 451134f3: Rework formatting: Add icons
remove red text for offline
remove bold/italic for both Thomas Arthofer
03:05 PM Bug #13424 (Resolved): CRL expiration date with default lifetime is too long, goes past UTCTime limit: Tested on... Christopher Cope
02:37 PM pfSense Docs New Content #11739 (Resolved): Manual Outbound NAT rules in HA setup: The updated content looks good.
Marking resolved. Christopher Cope
02:34 PM pfSense Packages Feature #12963: Run nmap scans in the background: Marcos M wrote in #note-26:
> I can't think of a privacy issue for either - both locations are readable by everyone.... Phil Wardt
11:22 AM Revision 4aa6a102: Add formatting to online status in status_dhcp[v6]_leases.php for better readability. Implements #10345: Adds color & formatting to host online status
online = bold + green
offline = italic + red Thomas Arthofer
08:50 AM Bug #13450: L2TP Clients system alias is not populated: Tested using l2tp config:... Steve Wheeler
08:48 AM Bug #13450 (New): L2TP Clients system alias is not populated: After creating an L2TP server and defining a 'Remote address range' for clients it should be possible to use that in ... Steve Wheeler
07:31 AM Feature #10345 (Pull Request Review): Improve distinction between online and idle/offline entries in DHCP lease list: Jim Pingle
06:28 AM Feature #10345: Improve distinction between online and idle/offline entries in DHCP lease list: PR opened on GitHub: https://github.com/pfsense/pfsense/pull/4612 Thomas Arthofer
05:46 AM Bug #13449 (New): Wrong logging if ICMP "Port unreachable": It seems to me that there is a comma missing from these type of logs:
filterlog[82349]: 143,,,1611338923,vtnet2,ma... Johannes Wanink

08/25/2022

04:46 PM Bug #13448 (Resolved): Table row selection has poor contrast in Dark theme: In UI that uses a table, and requires selecting a row (like with pfBlockerNG under IP > IP Interface/Rules Configurat... Sean McBride
01:01 PM Feature #8867 (Confirmed): interfaces_vlan_edit.php does not display proper interface aliases: Re-opened this as a feature. It's not a bug, that's the expected behaviour, but there is no point displaying the inte... Steve Wheeler
12:59 PM Bug #13447 (Not a Bug): Double Nmap and NMap entries in Diagnostics menu: I'm not sure when it happened, possibly after updating from pfsense+ 22.01 to 22.05, but I now have two nmap items in... Sean McBride
12:27 PM Feature #13446: Upgrade PHP from 7.4 to 8.1: Commits already made that do not reference this issue:... Reid Linnemann
12:21 PM Feature #13446 (Closed): Upgrade PHP from 7.4 to 8.1: php 7.4 is EOL Nov. 28, 2022. We are migrating to php 8.1 as a result. Several changes will need to be made to accomp... Reid Linnemann
12:09 PM Bug #12902: DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected: I'm afraid that this broke my use-case. I set the following custom options:
no-resolv
server=208.67.222.222
ser... Orion Poplawski
10:19 AM Bug #13445 (Resolved): ``easyrule`` CLI script has multiple bugs and undesirable behaviors: While updating docs I noticed a few minor issues in the ``easyrule`` CLI script/backend code that need addressing:
... Jim Pingle
08:05 AM pfSense Packages Bug #13444 (Incomplete): zabbix_proxy : cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied: Hi
I frequently come across this issue when trying to investigate why a Zabbix agent isn't communicating successfu... Steve Scotter
07:33 AM Bug #13437 (Resolved): ECDSA certificate renewal causes digest algorithm to be reset to SHA1: Jim Pingle
01:00 AM Bug #13437: ECDSA certificate renewal causes digest algorithm to be reset to SHA1: Tested on
@22.05-RELEASE (amd64)
built on Wed Jun 22 18:56:13 UTC 2022
FreeBSD 12.3-STABLE@
After implementing... Lev Prokofev
07:27 AM pfSense Docs Correction #12861 (Feedback): pfSense hardware tuning guide references obsolete interface loader variable & buffer limits: Merged and deployed Jim Pingle
07:02 AM Revision c064bf32: Replace another config access in authgui.inc: I ran into this one on a fresh install (amd64/bhyve), CE, on main. Kristof Provost

08/21/2022

08:01 PM Feature #701: Interface groups with NAT: Interface groups may be selected in port forwards, though there isn't a destination selection for "Interface Address"... Marcos M
04:51 PM Revision b8890aad: fix: corrects validations for various fields in system_advanced_firewall.inc: Jared Hendrickson
12:34 PM Bug #13436 (Resolved): Input validation on ``system_advanced_firewall.inc`` uses incorrect variable references for some fields: A few fields in /usr/local/pfSense/include/www/system_advanced_firewall.inc are being incorrectly validated.
- `a... Jared Hendrickson
07:25 AM pfSense Packages Bug #13432: ups driver will not start: It seems to be the same as this issue: https://redmine.pfsense.org/issues/9849
This was on a completely new instal... Scott Lampert

08/20/2022

10:10 PM Bug #13375: Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring: This seems to affect 22.11 builds as well. Kris Phillips
10:08 PM Bug #4500: UPnP/NAT-PMP status page does not display all port mappings: Tested and seems to apply and work fine here. Kris Phillips
09:58 PM pfSense Packages Bug #13432: ups driver will not start: Actually, I tested this with an APC unit just now and the nut package and was able to connect with the generic usbhid... Kris Phillips
09:42 PM pfSense Packages Bug #13432: ups driver will not start: Hello,
I tested and was unable to reproduce this, but I don't have a Cyberpower UPS. It seems this shouldn't be l... Kris Phillips
07:57 PM pfSense Docs Correction #12861 (Feedback): pfSense hardware tuning guide references obsolete interface loader variable & buffer limits: Merge request:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/49 Chris W
02:43 PM Bug #13424: CRL expiration date with default lifetime is too long, goes past UTCTime limit: I can't reproduce that here. Start a thread on the forum to discuss your problem further. Jim Pingle
02:31 PM Bug #13424: CRL expiration date with default lifetime is too long, goes past UTCTime limit: The fix doesn't work after turning off pfsense. After switching on, the error repeats. Restarting the vpn service or ... Oleg Utkin
02:42 PM Bug #13435 (Duplicate): Certification Revocation: Duplicate of #13424 Jim Pingle
02:41 PM Bug #13435 (Duplicate): Certification Revocation: When creating a new CRL (Certification Revocation) and you use the default value 9999
The Next Update date is set th... Saso Kocev
10:50 AM Feature #13411 (Pull Request Review): Packet capture does not support 6rd tunnels: Thanks for the feedback! I've addressed the issue. Marcos M
10:36 AM pfSense Plus Bug #13434 (Closed): Upgrade from 2.4.4. to 22.0x results in LAN traffic intermittently dropped for OpenVPN clients: Scenario:
- pfSense 2.4.4 AWS image with around 100 - 150 OpenVPN clients functions normally.
- After moving to... Chris W
06:57 AM pfSense Plus Bug #13430 (Not a Bug): Redundate Breadcumb Path in Diagnostics > Backup & Restore: Actually, that's the right path. If you follow each link, you'll get exactly that.
From the Status/Dashboard, yo... Danilo Zrenjanin
06:53 AM pfSense Docs Correction #13433 (Resolved): Change the link for the help button on /diag_backup.php: It would have more sense to change that link to the https://docs.netgate.com/pfsense/en/latest/backup/index.html#back... Danilo Zrenjanin
04:19 AM pfSense Packages Bug #13409: Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only: The same behavior on 22.09-DEVELOPMENT (amd64)built on Fri Jul 29 06:14:54 UTC 2022
Lev Prokofev

08/19/2022

03:51 PM pfSense Docs New Content #12791 (Resolved): Diagnostic Information for Support (pfSense): Documentation looks good. Been using it on tickets for awhile and customers seem to understand it well.
Marking re... Christopher Cope
03:18 PM pfSense Docs Correction #13429 (Resolved): Update CRL Lifetime default value: Looks good. Marking as resolved. Christopher Cope
12:53 PM pfSense Docs Correction #13429 (Feedback): Update CRL Lifetime default value: Fixed and deployed
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/9a5b5341097dccc08f99f428ed9f67cf66bacc1d Jim Pingle
04:08 AM pfSense Docs Correction #13429 (Resolved): Update CRL Lifetime default value: https://docs.netgate.com/pfsense/en/latest/certificates/crl.html#create-a-new-certificate-revocation-list... Danilo Zrenjanin
02:43 PM pfSense Packages Bug #13432 (Incomplete): ups driver will not start: I cannot get a USB-connected UPS to be recognized unless the nut usb driver is started with the "-u root" option.
... Scott Lampert
01:05 PM pfSense Docs Correction #13428 (Feedback): Firewall rules clarification: Fixed and deployed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/07564b51b361a9351ab0ac65d2d553261de48dc8
Jim Pingle
07:27 AM pfSense Docs Correction #13428: Firewall rules clarification: It is correct but could maybe be more clear.
It says "traffic initiated from the LAN". It does *NOT* say "traffic ... Jim Pingle
01:02 PM pfSense Docs Correction #13431 (Feedback): Incorrect count of /24 networks in a /5 CIDR block: Actually the remaining values in that whole column were off from that point down. Should be fixed shortly once the bu... Jim Pingle
11:27 AM pfSense Docs Correction #13431 (Resolved): Incorrect count of /24 networks in a /5 CIDR block: *Page:* https://docs.netgate.com/pfsense/en/latest/index.html
*Feedback:*
Good morning.
Reading "The pfSense d... Abraham Samuel B. SANFO
10:51 AM pfSense Plus Bug #13430 (Not a Bug): Redundate Breadcumb Path in Diagnostics > Backup & Restore: Version: 22.05-RELEASE
This is very minor, but I noticed a redundancy in the breadcrumb path of *Backup & Restore*... Lonnie Best
07:12 AM Bug #13424: CRL expiration date with default lifetime is too long, goes past UTCTime limit: The patch does not alter the configuration or lifetimes of existing entries, it (a) reduces the default for new CRL e... Jim Pingle
04:03 AM Bug #13424: CRL expiration date with default lifetime is too long, goes past UTCTime limit: Tested the patch:... Danilo Zrenjanin

08/18/2022

11:44 PM pfSense Packages Bug #10693: pfSense Bind Zone Editor UI does not update zone serial number when a change is made: Andrzej Milewski wrote in #note-3:
> I have BIND version 9.16-11 package and pfSense version 2.5.2. Serial number no... Gabriel Millerd
04:57 PM pfSense Docs Correction #13428 (Resolved): Firewall rules clarification: In https://docs.netgate.com/pfsense/en/latest/firewall/rule-methodology.html, the following text is, at best, unclear... Dave Madsen
08:11 AM Bug #13424: CRL expiration date with default lifetime is too long, goes past UTCTime limit: The patch has been committed into the System Patches package and will be available to users there soon once some work... Jim Pingle
08:09 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: Pim Pish wrote in #note-3:
> Here's a similar case.
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263288
W... Jim Pingle
02:33 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: Here's a similar case.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263288 Pim Pish
04:20 AM Bug #10792: Crash when switching interface off and on again in cohesion with multicast: I probably made a mistake. Every thing is still working including the GUI. Note that there seems to be two versions o... Louis B
01:54 AM Feature #13411: Packet capture does not support 6rd tunnels: Thanks; I can confirm that this works.
* Installs cleanly with the System Patches tool
* Provides the option to ca... Daniel Engel

08/17/2022

08:01 PM Revision 611de84a: Encode filename browser.php. Fixes #13262: (cherry picked from commit 1b5919c769ba736b44819f71ee1ddce06e2a50c5) Jim Pingle
07:52 PM Revision f6404cad: CRL lifetime fixes to avoid rollover. Fixes #13424: (cherry picked from commit a3c1589086ea67d25a28ec14ab95d7fd9ab25fa2) Jim Pingle
07:52 PM Revision 6dc07508: Skip URL tables with invalid names. Fixes #13425: (cherry picked from commit db0cdbc8e77a47b45a6da4061e5d8e59e0fc592d) Jim Pingle
07:52 PM Revision 22f7276c: Clean up+encode pkg rule filenames. Fixes #13426: (cherry picked from commit 4d9dd165e471394bb2ca520d56f8d8f9a82bb99a) Jim Pingle
07:52 PM Revision 7c54d26e: CA/Cert descr validation fixes. Fixes #13387: Validate description on save when editing and in other situations that
were not yet covered.
While here, ensure that... Jim Pingle
07:49 PM Revision a3c15890: CRL lifetime fixes to avoid rollover. Fixes #13424: Jim Pingle
07:38 PM Revision db0cdbc8: Skip URL tables with invalid names. Fixes #13425: Jim Pingle
07:26 PM Revision 4d9dd165: Clean up+encode pkg rule filenames. Fixes #13426: Jim Pingle
02:55 PM Bug #13424 (Feedback): CRL expiration date with default lifetime is too long, goes past UTCTime limit: Applied in changeset commit:a3c1589086ea67d25a28ec14ab95d7fd9ab25fa2. Jim Pingle
01:44 PM Bug #13424: CRL expiration date with default lifetime is too long, goes past UTCTime limit: Applied diff manually.
Restarted OpenVPN server service, bingo, it works!
Thanks! Greg M
11:11 AM Bug #13424 (Pull Request Review): CRL expiration date with default lifetime is too long, goes past UTCTime limit: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/842
Diff attached for testing.
Jim Pingle
10:40 AM Bug #13424 (Resolved): CRL expiration date with default lifetime is too long, goes past UTCTime limit: The default lifetime on internal CRLs is 9999 which as of now lands the expiration of a CRL past 2050. The CRL librar... Jim Pingle
02:55 PM Bug #13425 (Feedback): Invalid alias name can still be used by code attempting to validate URL table content: Applied in changeset commit:db0cdbc8e77a47b45a6da4061e5d8e59e0fc592d. Jim Pingle
02:09 PM Bug #13425 (Resolved): Invalid alias name can still be used by code attempting to validate URL table content: When validating an alias on save, the name is checked for validity, however the name is still used during validation ... Jim Pingle
02:55 PM Bug #13426 (Feedback): ``status.php`` uses ``<name>`` component of ``/tmp/rules.packages.<name>`` filenames in shell command without encoding: Applied in changeset commit:4d9dd165e471394bb2ca520d56f8d8f9a82bb99a. Jim Pingle
02:16 PM Bug #13426 (Resolved): ``status.php`` uses ``<name>`` component of ``/tmp/rules.packages.<name>`` filenames in shell command without encoding: If there is a file named @/tmp/rules.packages.|<command>|.txt@, then when an authenticated GUI user loads @status.php... Jim Pingle
02:50 PM Revision 6c055aaf: captiveportal: fix comment: Restore the correct comment, as pointed out by "Fole Systems" in
https://redmine.pfsense.org/issues/13323#change-62565 Kristof Provost
01:52 PM Bug #12938: Incorrect warning from ``radvd`` about ``AdvRDNSSLifetime`` value: I still get thousands of messages like:... Louis B
01:14 PM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway: Tested:
2.5.0 - Passes TCP traffic from both WANs
2.5.1 - Fails as described
2.5.2 - Fails as described
2.6.0 - F... Steve Wheeler
08:38 AM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway: Tested:
22.09.a.20220729.0600 - same behaviour
21.02.2-rel - same behaviour
21.02-rel - works as expected
<pre... Steve Wheeler
06:46 AM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway: Attached rules from the tested firewall in 22.05. Steve Wheeler
10:52 AM Bug #10792: Crash when switching interface off and on again in cohesion with multicast: I changed my pfSense disk (SSD) for which reason I had to reinstall pfSense. After installing CE 2.7.0 version Fri Au... Louis B
10:16 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: A few other details:
This seems to only affect GUA (and possibly ULA) addresses, Link Local addresses always respo... Jim Pingle
09:57 AM Bug #13423 (Resolved): IPv6 neighbor discovery protocol (NDP) fails in some cases: This is proving fairly difficult to pin down a set of "steps to duplicate." In some cases an IPv6 interface seems to ... Chris Linstruth
09:32 AM Feature #13422 (Duplicate): Add a 'type' field to the DHCPv6 server Additional BOOTP/DHCP Options: In the IPv4 DHCP server the Additional BOOTP/DHCP Options allow setting the option type. Currently the DHCPv6 server ... Steve Wheeler
06:36 AM pfSense Plus Feature #12832: 6100 configurable Blinking Blue LED: shawn butts wrote:
> The blinking blue like for "normal operation status" feels like an "everything is ok ALARM!!!!"... Jonas R

08/16/2022

11:28 PM pfSense Packages Bug #13412: SquidGuard, Rewrite rules, only one sub-rule will work if more than one sub-rule defined: Here's a workaround for this issue however seems the workaround will not stay after network disconnection etc.or some... UserPfbUg User
09:11 PM pfSense Packages Bug #13421 (New): Stunnel certificate does not refresh: I use stunnel with ACME certificates which expires every 90 days. When the certificate is 6í days old ACME auto refre... A Schnee
06:39 PM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway: This only affects traffic sourced from the firewall itself. Policy routed traffic from other local subnets opens stat... Steve Wheeler
06:32 PM Regression #13420 (Resolved): TCP traffic sourced from the firewall can only use the default gateway: Traffic sourced from the firewall itself will always open states on the interface with the default system route. Even... Steve Wheeler
03:49 PM Feature #13411: Packet capture does not support 6rd tunnels: It should work on 22.05 and 2.7. Here's the patch specifically for 2.6 though. Marcos M
03:02 PM Feature #13411: Packet capture does not support 6rd tunnels: I can't say whether the patch makes any difference or not; I cannot apply it:... Daniel Engel
02:58 PM pfSense Docs Todo #13419 (Resolved): Note FreeRADIUS request/response limitation: Add the following note to:
https://docs.netgate.com/pfsense/en/latest/packages/freeradius.html#troubleshooting-radiu... Marcos M
02:12 PM Feature #12982: Add support for RFC7499 in RADIUS library.: Hello Christian,
thank you VERY MUCH for looking into this. Any sort of workaround or patch would be GREATLY appr... Frank Lee
10:16 AM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients: The comment ... Flole Systems

08/15/2022

05:14 PM Bug #13417 (Feedback): Kernel panic: pf_purge: Marcos M
04:28 PM Bug #13417: Kernel panic: pf_purge: ... Mateusz Guzik
01:48 PM Bug #13417 (Feedback): Kernel panic: pf_purge: On a 7100 with 22.05:
> When we came into the office this morning, the pfSense was down, with no internet access t... Marcos M
03:41 PM Revision 67f0518a: Update UPnP status regex. Fixes #4500: Submitted-By: rtadams89 @ GitHub PR #4610 Jim Pingle
03:29 PM Regression #13418 (Resolved): Captive Portal does not keep track of client data usage: Setup:
* pfSense+ 22.05
* Configure Captive Portal on VLAN interface
* Use FreeRADIUS auth backend
* Check @Reaut... Dale Harron
01:33 PM Regression #11545 (Feedback): Primary interface address is not always used when VIPs are present: Jim Pingle
10:50 AM Bug #4500 (Feedback): UPnP/NAT-PMP status page does not display all port mappings: Applied in changeset commit:67f0518a9a00b6709e997b55b569926ef22c109d. Jim Pingle
10:45 AM Bug #4500: UPnP/NAT-PMP status page does not display all port mappings: Tested the PR and it worked well for that last problem case I mentioned. PR will be merged shortly. Thanks! Jim Pingle
10:33 AM Bug #4500 (Pull Request Review): UPnP/NAT-PMP status page does not display all port mappings: Jim Pingle
09:58 AM pfSense Docs Correction #12659 (Resolved): Correct inaccuracies in configuring Flow Control for ``ix`` and ``ixl`` interfaces: Merged and deployed. Jim Pingle
09:54 AM pfSense Packages Bug #12130 (Closed): Zeek fails to start: Jim Pingle
12:54 AM pfSense Packages Bug #12130: Zeek fails to start: I've tested on 22.05 pfsense release and Zeek (3.0.6_3) is started with out any issue. The file local.zeek is present... aleksei prokofiev
09:54 AM Regression #13323 (Resolved): Captive Portal breaks policy based routing for MAC address bypass clients: If it works as expected on a snapshot with the fix that's sufficient. Jim Pingle
09:53 AM pfSense Packages Bug #13415: Pushing WireGuard traffic out a specific GW using static routes crashes the WireGuard Service: Seems highly unlikely it's related to policy routing, but maybe the way the service is restarted or the conditions at... Jim Pingle
09:11 AM Feature #13416 (New): Change gateway monitoring actions default to "disabled": I posit that the expense of running gateway monitoring actions is too expensive and disruptive to be enabled on every... Chris Linstruth
03:57 AM Bug #10792: Crash when switching interface off and on again in cohesion with multicast: Hello,
Just for info:
Related to PIMD
- I am still a happy PIMD user however the very old >>released version<<... Louis B

08/14/2022

08:38 PM Bug #10792 (New): Crash when switching interface off and on again in cohesion with multicast: This happened after renaming the description of a VLAN on an LACP LAGG consisting of ix0 and ix1 on a Netgate 7100 ru... Marcos M
07:59 PM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients: Duplicated similar environment in 22.05. Confirmed policy routing was ignored for passthrumac entry hosts.
Upgrade... Chris Linstruth
07:18 PM Feature #13411: Packet capture does not support 6rd tunnels: If I understand this correctly, the following patch should cover it:
https://redmine.pfsense.org/issues/13382
App... Marcos M
07:16 PM Todo #13414: IPsec: Phase 1 Delay advanced option does not include scale or type of timer in Description: For what it's worth, the online docs explains things in more detail (including specifying seconds). Marcos M
07:11 PM Bug #13390: "Dark" theme uses the same colors for disabled and enabled input fields: I think the beta dark style should be removed at this point - it's even less up-to-date than the normal dark one and ... Marcos M
03:30 AM pfSense Packages Bug #13415 (New): Pushing WireGuard traffic out a specific GW using static routes crashes the WireGuard Service: This relates to Bug #11613 and Bug #12811
Trying to work around Bug #12811 I set up a Gateway Group containing 2 ... Oskar Stroka
02:31 AM pfSense Packages Bug #13404: LDAP authentication does not working: Hello,
yes, I can't find the right options that allow me to configure ldap authentication when you don't have admin ... Ettore Caprella

08/13/2022

09:06 PM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server: Sadly this is still a problem for me. Is there anything I can do to help move this bug along? John Williams
08:02 PM Bug #13396: Custom logo or background image is created with two dots (``..``) before the file extension: Tested and confirmed that the file extension gets an extra "." added when uploading a custom logo to the portal.
... Kris Phillips
06:58 PM Todo #13414 (New): IPsec: Phase 1 Delay advanced option does not include scale or type of timer in Description: The description for dead peer detection delay does not include the type of timer, or the scale. This makes it difficu... Pat Jensen
06:43 PM pfSense Packages Bug #13404: LDAP authentication does not working: Hello,
The virtual-server-default config file is generated from the webConfigurator in freeRADIUS. You shouldn't ... Kris Phillips
06:32 PM pfSense Docs Correction #12659: Correct inaccuracies in configuring Flow Control for ``ix`` and ``ixl`` interfaces: - From what I can see on a 5100 with both 22.05 and 22.01:
- Default settings are: @dev.ix.#.fc=0@ and @hw.ix.flow_co... Chris W
06:31 PM pfSense Packages Bug #13409 (Confirmed): Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only: Confirmed on 22.05. Pressing the button does nothing in HTTP mode. Switches back to HTTPS and it functioned as expe... Kris Phillips
06:28 PM pfSense Packages Bug #13410: ClamAV 0.104.2 is subject to several vulnerabilies: The latest is on Freshports. We should probably bump the pfSense squid package up a version and pull in the updated ... Kris Phillips
06:25 PM Bug #13413: Some messages presented to users contain relative links to pages which may be invalid when triggered from certain packages: I can't reproduce this, but only because I can't get this error to pop up. I've tried intentionally breaking Wiregua... Kris Phillips
05:28 AM Bug #13413 (Resolved): Some messages presented to users contain relative links to pages which may be invalid when triggered from certain packages: If something goes wrong when you save the config changes of Wireguard (can't determine what it was in my case)
you w... Lev Prokofev
01:59 PM Bug #8846 (Resolved): Misleading error message when adding/editing static routes which use a gateway on a disabled interface: fixed
the GW will be disabled if the interface was disabled.
if there was a static route the GW will disappe... Alhusein Zawi
01:13 PM pfSense Packages Bug #12506 (Resolved): Only selected instance is restarted on suppress list change: Tested against:... Danilo Zrenjanin
09:29 AM pfSense Packages Bug #12036: Certificate Manager page do not show Zabbix used certificates: Tested:... Danilo Zrenjanin
03:21 AM Bug #4500: UPnP/NAT-PMP status page does not display all port mappings: I've just submitted a pull request to fix both of these issues: https://github.com/pfsense/pfsense/pull/4610 Ryan Adams
02:57 AM Bug #4500: UPnP/NAT-PMP status page does not display all port mappings: I have this same issue, caused both when the "label" on a rule is missing OR in my case when the rule allows only fro... Ryan Adams
01:33 AM Feature #701: Interface groups with NAT: Was this ever implemented? Status still "open" after >12 years... Suriname Clubcard
01:25 AM pfSense Packages Bug #13412: SquidGuard, Rewrite rules, only one sub-rule will work if more than one sub-rule defined: https://forum.netgate.com/topic/174018/squidguard-rewrite-rule-bug
If manually modify the squidguard configuration f... UserPfbUg User
01:21 AM pfSense Packages Bug #13412 (New): SquidGuard, Rewrite rules, only one sub-rule will work if more than one sub-rule defined: So, SquidGuard - Rewrites
If we create a new rewrite rule, add 1 rewrite condition and save it, Apply, it works ... UserPfbUg User

08/12/2022

07:32 PM Revision b0d417e2: Correct omission of ipv6 addresses in get_interface_addresses. #11545: The original v6 translation wrapping from pfSense_get_ifaddrs() output to that
of pfSense_get_interface_addresses had... Reid Linnemann
04:13 PM Bug #7996: Unnecessary link tag in login page: Pull request tested on... Christopher Cope
03:57 PM Bug #13390: "Dark" theme uses the same colors for disabled and enabled input fields: Tested on... Christopher Cope
02:46 PM pfSense Docs New Content #13401 (Feedback): Best practices doc for rotating credentials and keys: This should be reasonably complete. Can add anything else over time / as needed.
https://gitlab.netgate.com/docs/p... Jim Pingle
02:18 PM Regression #11545: Primary interface address is not always used when VIPs are present: Found it, it looks like I had some confusion in my array keys migrating the v6 address from the output of pfSense_get... Reid Linnemann
12:39 PM Feature #13411 (Closed): Packet capture does not support 6rd tunnels: Only the WAN interface is shown in the interface selection box, no sign of WAN_STF.
The capture log is empty aft... Daniel Engel
08:02 AM pfSense Packages Bug #13410 (New): ClamAV 0.104.2 is subject to several vulnerabilies: The current ClamAV pkg: clamav-0.104.2,1 is subject to a number of new vulnerabilites:
https://blog.clamav.net/2022/... Steve Wheeler
06:35 AM pfSense Packages Bug #13409 (Pull Request Review): Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only: Under *VPN/WireGuard/Peers/Edit* - *Optional pre-shared key for this tunnel* Copy button works only when the GUI runs... Danilo Zrenjanin
06:29 AM pfSense Packages Bug #12258 (Resolved): Copy key buttons only work in HTTPS mode: Tested against:... Danilo Zrenjanin
02:36 AM pfSense Packages Bug #13404: LDAP authentication does not working: I can add moreover that I don't have any admin privileges on the ldap server and the ldap doesn't store any password ... Ettore Caprella

08/11/2022

06:31 PM Bug #13408 (Resolved): PF can fail to load a new ruleset: In some circumstances pfctl fails to load the rulset after it's updated. It shows errors like:... Steve Wheeler
04:34 PM pfSense Plus Regression #13355 (Resolved): OpenVPN crashes after reaching the configured concurrent connection limit: Tested on... Christopher Cope
04:02 PM Feature #12982: Add support for RFC7499 in RADIUS library.: I've been working on the radius code quite a bit over the past few weeks. The radius client library used in pfSense d... Christian McDonald
03:29 PM pfSense Packages Bug #13395 (Rejected): pfBlockerNG changes firewall URLs to unparseable: The @<br />@ shown there is done on purpose - this affects the alias details when hovering over an alias on the firew... Marcos M
03:00 PM pfSense Plus Bug #13407 (Not a Bug): pfsense dhcp_leases dont load: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
02:58 PM pfSense Plus Bug #13407 (Not a Bug): pfsense dhcp_leases dont load: !clipboard-202208111656-c8uzl.png!
in my pfsenses in version 22.05 Plus dhcp leases page dont load
Error 504 - ... Leonardo Furquim
02:31 PM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error: Another +1, with a bit more information. I have 3 pfSense 2.6.0 boxes: 2 in an HA pair and 1 standalone. Both site... Jason Schechner
01:59 PM Feature #12070: Support for VLAN ``0``: It seems this is fixed by:
https://reviews.freebsd.org/rGabf5bff71d38da3c797a3b6decb426c375cc0f8f Marcos M
12:41 PM Bug #13406 (Not a Bug): Moving webConfigurator to HTTP protocol voids the current password defined in the user management: That would have no effect on the password. The browser is -- correctly -- preventing cookies from working due to HSTS... Jim Pingle
12:37 PM Bug #13406 (Not a Bug): Moving webConfigurator to HTTP protocol voids the current password defined in the user management: Steps to reproduce:
1.)Under System/Advanced/Admin Access, choose the HTTP protocol under webConfiguration setting... Danilo Zrenjanin
09:12 AM pfSense Packages Bug #13405 (New): Wireguard: The webgui becomes excessively slow to respond with a large number of peers: Webgui pages that include data from Wireguard can become very slow to respond with a large number of elements present... Steve Wheeler
08:20 AM Regression #13381: Software VLAN tagging does not work on ``ixgbe(4)`` interfaces: I proposed a patch in https://reviews.freebsd.org/D36139
It works for me, but I'd like the Intel people (and driver ... Kristof Provost
06:57 AM Regression #13381: Software VLAN tagging does not work on ``ixgbe(4)`` interfaces: I've been able to reproduce this (on pfsense/main).
That required the following:... Kristof Provost
07:50 AM pfSense Packages Bug #12414 (Resolved): DNSBL SafeSearch page displays input validation error if DoH / DoT blocking is not enabled: Tested:... Danilo Zrenjanin
04:51 AM pfSense Packages Bug #13404 (Not a Bug): LDAP authentication does not working: Hi all,
has anyone encountered this particular issue with Freeradius3 0.15.7_33 with LDAP when a user tries to authe... Ettore Caprella
04:35 AM pfSense Packages Feature #13403 (New): Option to suppress graphing for individual thermal zones: As in many systems the thermal_tz1 and thermal_tz0 are invariant (not really present) it would be nice if they could ... odo maitre

08/10/2022

03:34 PM pfSense Packages Feature #13402 (New): Monitor graph thermal sensors F option vs just C: So the thermal widget allows showing temps in F, but if you look at the monitor graph it is only in C.
Allow for t... JohnPoz _
11:20 AM pfSense Docs New Content #13401: Best practices doc for rotating credentials and keys: Brad Davis wrote in #note-1:
> Maybe also add CA and certificates?
CA/Certs have that built in -- they expire. Th... Jim Pingle
11:18 AM pfSense Docs New Content #13401: Best practices doc for rotating credentials and keys: Maybe also add CA and certificates? Brad Davis
11:04 AM pfSense Docs New Content #13401 (Resolved): Best practices doc for rotating credentials and keys: We need a document somewhere in the pfSense docs which describes methods for periodic rotation of security-related it... Jim Pingle
06:37 AM pfSense Packages Bug #13395: pfBlockerNG changes firewall URLs to unparseable: pfSense 22.05
pfBlockerNG-devel 3.1.0_4
Steps to recreate:
Run wizard and (re)create the default setup.
It mi... Per-Arne Hellarvik
06:16 AM pfSense Packages Bug #13395: pfBlockerNG changes firewall URLs to unparseable: I couldn't replicate the issue on the 22.05 pfSense release.
I tested against:... Danilo Zrenjanin

08/09/2022

07:47 AM pfSense Packages Bug #12206 (Resolved): Certificate Manager page doesn't show Net-SNMP used certificates: Azamat Khakimyanov
03:31 AM Bug #8179: Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask: Yousif Hassan wrote in #note-12:
> Azamat Khakimyanov wrote in #note-11:
> > Tested on 22.05
> >
> > With IP: 17... Azamat Khakimyanov

08/08/2022

10:37 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: @Reid - per your previous question - yes our entire list is only IP addresses with a #comment after each address. No ... Bob Smith
04:29 PM Bug #13014: Deadlock in Charon VICI interface: It doesn't appear to be related to AES-NI. Had the issue happen a couple times with AES-NI disabled. Gassy Antelope
01:31 PM Regression #13381: Software VLAN tagging does not work on ``ixgbe(4)`` interfaces: Tested: FreeBSD-14.0-CURRENT-amd64-20220729-467d3e2e8aa-257025-memstick.img Steve Wheeler
12:36 PM pfSense Docs Correction #13400: Feedback on Cellular Wireless — Known Working 3G-4G Modems: Felipe de Lorenzi wrote:
*Page:* https://docs.netgate.com/pfsense/en/latest/cellular/hardware.html

*Feedback:*... Felipe de Lorenzi
12:35 PM pfSense Docs Correction #13400 (Resolved): Feedback on Cellular Wireless — Known Working 3G-4G Modems: *Page:* https://docs.netgate.com/pfsense/en/latest/cellular/hardware.html
*Feedback:* The correct command for the ... Felipe de Lorenzi
11:52 AM pfSense Packages Bug #12206 (Assigned): Certificate Manager page doesn't show Net-SNMP used certificates: Tested on 22.05
After configuring CA and Certificate for Net-SNMP, and choosing 'Interface Binding: TLS/TCP' I saw N... Azamat Khakimyanov
10:57 AM Bug #8179: Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask: Azamat Khakimyanov wrote in #note-11:
> Tested on 22.05
>
> With IP: 172.24.208.1/23 on DMZ interface and enabled... Yousif Hassan
07:40 AM Todo #13398: Information box on ``status_ipsec.php`` says "IPsec not enabled" even when a tunnel is established: Should be easy enough to fix, it's already doing a test of enabled/disabled there just above where it prints the info... Jim Pingle
07:21 AM pfSense Plus Bug #13399: Routing/Gateway - Can't switch from dynamic to Static IP-adress: Jim Pingle wrote in #note-1:
> Dynamic gateways can't change that way and are not intended to. They are not true ful... Jonas R
07:13 AM pfSense Plus Bug #13399 (Not a Bug): Routing/Gateway - Can't switch from dynamic to Static IP-adress: Dynamic gateways can't change that way and are not intended to. They are not true full gateway entries, they are auto... Jim Pingle
07:18 AM pfSense Docs Correction #8852 (Resolved): Clarify purpose of "Client Identifier" in DHCP static mapping: Merged and deployed. Jim Pingle
07:15 AM pfSense Docs Correction #12659: Correct inaccuracies in configuring Flow Control for ``ix`` and ``ixl`` interfaces: Chris W wrote in #note-3:
> Should the "ixgbe(4) (aka ix)" part be removed from under the System Tunables area since... Jim Pingle
07:11 AM Bug #12779 (New): Bogus domain generated for reverse DDNS when network mask is custom (not 24 16 or 8): Jim Pingle
06:58 AM pfSense Packages Bug #11746 (Resolved): Second LDAP server configuration misses the ipaNThash control attribute: Tested on 22.05
Both LDAP server configurations have ipaNThash control attribute.
I marked this Bug as resolved. Azamat Khakimyanov

08/07/2022

07:04 AM Bug #8179 (Resolved): Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask: Tested on 22.05
With IP: 172.24.208.1/23 on DMZ interface and enabled DHCP pool: 172.24.208.10-172.24.209.254 and ... Azamat Khakimyanov
05:23 AM pfSense Plus Bug #13399 (Not a Bug): Routing/Gateway - Can't switch from dynamic to Static IP-adress: Was doing some experiments which lead to some unforseen troubleshooting (thanks ZFS-snapshots for making it easy to r... Jonas R

08/06/2022

09:18 PM pfSense Packages Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected: Setting "Auto" for the algorithm also causes issues. Formerly, it used to error out on "Auto" not being a valid opti... Kris Phillips
09:00 PM Bug #13375: Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring: Jim Pingle wrote in #note-2:
> It isn't valid to have both types on the same P1. I thought we already had checks tha... Kris Phillips
08:54 PM pfSense Packages Todo #13306: Update NUT to version 2.8.0 to match FreeBSD Packages: The NUT package is in FreshPorts:
https://www.freshports.org/sysutils/nut/
This will be automatically brought in ... Kris Phillips
08:52 PM pfSense Docs Correction #12659: Correct inaccuracies in configuring Flow Control for ``ix`` and ``ixl`` interfaces: Should the "ixgbe(4) (aka ix)" part be removed from under the System Tunables area since it's already present in the ... Chris W
08:50 PM pfSense Packages Feature #13370: Wireguard Dashboard status: Gil Gil wrote in #note-4:
> Ideally, it would be nice to see which Peers are connected, similar to the status of the... Kris Phillips
05:50 PM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error: Dogpiling on -- have two pfSense+ (Netgate appliances) that have experienced this issue... Both on 22.05-RELEASE
B... IT Admin
02:51 PM Bug #7040 (Resolved): Issue when disabling an interface: Disabling the parent interface will stop the connectivity to all connected networks/VLANs , the vlan is up and you ... Alhusein Zawi
02:11 PM Bug #7551 (Resolved): Dynamic IPsec endpoints not added to rule set after WAN down/up: tested on 22.05-RELEASE
fixed.
when port is down (disabled WAN2 port) :
# VPN Rules
# Could not locate inte... Alhusein Zawi
08:27 AM pfSense Packages Bug #12706 (Resolved): pfBlockerNG and unbound does not work after switching /var to RAM disk: Tested:... Danilo Zrenjanin
06:14 AM pfSense Packages Bug #13114: BIND calls rndc in rc_stop when named is not running: Any instructions on how to replicate/test this case would be appreciated. Danilo Zrenjanin
06:10 AM pfSense Packages Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client": It's not a bug, then. The correct syntax must be manually entered in the Custom Options field in the OpenVPN base cli... Danilo Zrenjanin
01:09 AM pfSense Packages Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client": In origin, the config was imported to 22.01.
With problems:
OpenVPN 2.6_git amd64-portbld-freebsd12.3 [SSL (OpenSSL)... Lev Prokofev

08/05/2022

09:18 PM pfSense Packages Feature #12658: Adding prometheus metrics to darkstat: Sorry to keep pestering about this, but I am wondering what else needs to be done to include this?
Thank you. Karim Elatov
07:48 PM Todo #13398 (Resolved): Information box on ``status_ipsec.php`` says "IPsec not enabled" even when a tunnel is established: It appears that the default state for the info button is expanded when IPsec is disabled, and closed when a tunnel is... Chris W
06:35 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Hello Netgate Folk,
What if you created a version with this fix that could be applied with the Patch tool? I know ... Dennis Adler
02:18 PM pfSense Packages Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client": Which version(s) of the OpenVPN binary are in place on the _clients_ when they have problems / when they do not have ... Jim Pingle
01:46 PM pfSense Packages Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client": Tested on the:... Danilo Zrenjanin
02:14 PM Bug #13014: Deadlock in Charon VICI interface: Interesting, I'll go ahead and disable AES-NI and see what happens. Gassy Antelope
01:25 PM Bug #13014: Deadlock in Charon VICI interface: FYI I had a customer who had a box working fine for years, but it had some slow performance due to high CPU usage. U... Kris Phillips
12:55 PM Bug #13387: Input validation is not rejecting invalid description characters when editing a CA or Certificate: Tested the patch against:... Danilo Zrenjanin
06:25 AM Feature #13397 (New): Schema and associated APIs for access point manufacturers to leverage to allow pfSense to manage/configure access points.: I suspect this will be heavily debated but please read my idea before dismissing it.
One of the reasons products l... Anchal Nigam
01:26 AM Bug #13396 (Resolved): Custom logo or background image is created with two dots (``..``) before the file extension: When you upload a Logo or a Background Logo, its created with 2 .. (Dots) in the extension. So you have "captiveporta... OpIT GmbH

08/04/2022

08:54 PM Bug #13014: Deadlock in Charon VICI interface: Here's a kernel trace that shows what occurs when it crashes. I know the previous dump someone posted didn't show any... Gassy Antelope
01:38 PM pfSense Packages Bug #13395 (Rejected): pfBlockerNG changes firewall URLs to unparseable: It seems like the Auto creation of the update-urls in Firewall->Aliases->URLs get some addition which should not be t... Per-Arne Hellarvik
12:26 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Some of the issues with FQDNs are better with 2.6/2.7.0-development and 22.05, but there are still very real problems... Reid Linnemann
08:04 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Hi all,
i think this issue is solved in the version 2.6.0. I have 2 diffrent pfsense. One is on the verison 2.4.4-P... Marco Jäger
08:32 AM Regression #13394 (Resolved): ``ASN1_NULL.php`` missing from package build of ``security/php-openssl_x509_crl`` on snapshots: Current snapshots of Plus 22.09 and CE 2.7.0 have a problem with the build of @security/php-openssl_x509_crl@ where t... Jim Pingle
07:17 AM Bug #13393: DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled: Marcos M wrote in #note-4:
> Indeed it was the DoT option - what's the reason for @interface-automatic@ being depende... Jim Pingle
05:31 AM pfSense Docs New Content #13385 (Resolved): Add notice "A remote gateway address of '0.0.0.0' or '::' is not compatible with VTI, use an FQDN instead": Yes, it looks fine now. I am marking this ticket resolved. Danilo Zrenjanin

08/03/2022

04:15 PM Bug #13393: DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled: Indeed it was the DoT option - what's the reason for @interface-automatic@ being dependent on DoT being disabled? Whe... Marcos M
03:05 PM Bug #13393: DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled: It's already set in the config where it can be:
https://github.com/pfsense/pfsense/blob/master/src/etc/inc/unbound... Jim Pingle
03:04 PM Bug #13393: DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled: The issue is when it's bound to all. When it's bound to specific interfaces, it's not an issue.
https://gitlab.netga... Marcos M
02:52 PM Bug #13393 (Not a Bug): DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled: That's a limitation of Unbound when binding to specific interfaces/addresses or when acting as a DNS over TLS server.... Jim Pingle
02:36 PM Bug #13393 (Resolved): DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled: When unbound responds to DNS queries, it will by default respond with a source address that is closest to the request... Marcos M
02:37 PM Feature #13384: When Adding / Editing a Firewall Rule, the Interface option should default to the Interface from which you clicked on the Add/Edit link: Just because they hit the add button there doesn't mean it should be restricted. It's to add a rule, period. It defau... Jim Pingle
02:32 PM Feature #13384: When Adding / Editing a Firewall Rule, the Interface option should default to the Interface from which you clicked on the Add/Edit link: @Jim Pingle
It does indeed select the correct interface. What I'm saying is that it should not allow this to be a ... Michael Cropper
10:57 AM pfSense Plus Bug #13392: Ipv6 firewall exposing all global addresses on lan.: You're right. It qA pfblockerNG. Uninstalled and it's solved. Sorry for any inconvinience João Oliveira
10:44 AM pfSense Plus Bug #13392: Ipv6 firewall exposing all global addresses on lan.: Ii know this is not a help forum. pretty sure it’s a big since i have no ipv6 rules set on wan and the only floating... João Oliveira
10:35 AM pfSense Plus Bug #13392 (Not a Bug): Ipv6 firewall exposing all global addresses on lan.: That can only be true if your WAN rules are passing in the traffic or pf is disabled. That does not happen automatica... Jim Pingle
09:35 AM pfSense Plus Bug #13392 (Not a Bug): Ipv6 firewall exposing all global addresses on lan.: Hello.
I’ve just configured ipv6 provided by my isp with following settings\
Interfaces --> WAN --> DHCP6 Clien... João Oliveira
06:57 AM Regression #13391: Multiple Captive Portal interfaces do not properly form the list of portal IP addresses: User gertjan found the Problem. See this Post: https://forum.netgate.com/topic/173842/problem-with-multiple-interface... OpIT GmbH
03:30 AM Regression #13391 (Resolved): Multiple Captive Portal interfaces do not properly form the list of portal IP addresses: When you select multiple Interfaces in a Captive Portal Zone, its just creating Rules for one Interface and that caus... OpIT GmbH

08/02/2022

07:09 PM Bug #13390 (Pull Request Review): "Dark" theme uses the same colors for disabled and enabled input fields: Marcos M
07:09 PM Bug #13390: "Dark" theme uses the same colors for disabled and enabled input fields: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/839 Marcos M
07:03 PM Bug #13390 (Resolved): "Dark" theme uses the same colors for disabled and enabled input fields: As is, it's hard to tell the difference between input fields which are disabled and enabled. Marcos M
03:44 PM Bug #13389 (Duplicate): IPsec filter rules do not match Mobile IPsec traffic when Captive Portal is enabled.: This issue exists on a build before the Jun 22nd release. This has already been fixed - NG #8287. Marcos M
01:51 PM Bug #13389: IPsec filter rules do not match Mobile IPsec traffic when Captive Portal is enabled.: I should have clarified.
LAN2 is 10.0.5.1 (where I'm trying to get to from the client)
LAN is 10.0.1.1 (where CP ... Marcos M
01:47 PM Bug #13389 (Not a Bug): IPsec filter rules do not match Mobile IPsec traffic when Captive Portal is enabled.: Unless I'm missing something here that's normal and expected.
Traffic _to_ a host on LAN from anywhere, including ... Jim Pingle
01:34 PM Bug #13389 (Duplicate): IPsec filter rules do not match Mobile IPsec traffic when Captive Portal is enabled.: Running 22.05 amd64
The following rule exists at the top of the IPsec interface:... Marcos M
11:49 AM pfSense Plus Bug #13358 (Ready To Test): Traffic to OpenVPN DCO RA clients above the first available tunnel IP address is incorrectly routed: Kristof Provost
10:19 AM pfSense Docs Todo #13369 (Feedback): Standardize mentions of macOS: This should take care of the remaining mentions: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/0349e56bf7e2ff... Jim Pingle
07:30 AM Feature #13388 (Resolved): Support for international characters in the AutoConfigBackup Hint/Identifier field: Using unexpected characters in the Hint/Identifier field results in an invalid xml error.
For example using the va... Steve Wheeler

08/01/2022

05:19 PM Revision 2fe0e0fa: CA/Cert descr validation fixes. Fixes #13387: Validate description on save when editing and in other situations that
were not yet covered.
While here, ensure that... Jim Pingle
04:10 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions: Ryan Coleman wrote in #note-9:
> Jim Pingle wrote in #note-8:
>
> > I don't think we should start down a path of... Jim Pingle
03:35 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions: Jim Pingle wrote in #note-8:
> I don't think we should start down a path of writing a manual for screen. We only e... Ryan Coleman
08:53 AM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions: Ryan Coleman wrote in #note-6:
> Jim Pingle wrote in #note-5:
> > Updated in pfSense docs as well: https://gitlab.... Jim Pingle
03:15 PM pfSense Docs New Content #12883 (Feedback): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH): This should hopefully cover the topic in a few relevant places with minimal repetition:
https://gitlab.netgate.com... Jim Pingle
12:57 PM pfSense Docs New Content #12883 (New): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH): Jim Pingle
08:36 AM pfSense Docs New Content #12883 (Pull Request Review): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH): Jim Pingle
02:40 PM pfSense Docs New Content #13385 (Feedback): Add notice "A remote gateway address of '0.0.0.0' or '::' is not compatible with VTI, use an FQDN instead": This should cover it: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/94b3b01c346a8dcbc5718d0c39b55bdb1563705d Jim Pingle
12:35 PM Bug #13387 (Feedback): Input validation is not rejecting invalid description characters when editing a CA or Certificate: Applied in changeset commit:2fe0e0fab528be3e297ed14ddd9d9e73c99cc1c4. Jim Pingle
10:19 AM Bug #13387 (Resolved): Input validation is not rejecting invalid description characters when editing a CA or Certificate: When editing an existing CA or Certificate, the description is not validated on save the way it is validated during o... Jim Pingle
12:34 PM pfSense Docs New Content #11071 (Feedback): Add documentation for missing configuration items on IPv6 Router Advertisements: Merged and I also fixed a couple things in it after: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/a5d062e917... Jim Pingle
07:34 AM pfSense Docs New Content #11071 (Pull Request Review): Add documentation for missing configuration items on IPv6 Router Advertisements: Jim Pingle
09:15 AM Bug #13383 (Feedback): Certificates cannot be created via csr in the Certificate Manager: I cannot reproduce this. I can create a CSR and sign it without error.
We'll need to know the exact input you are ... Jim Pingle
08:37 AM pfSense Docs Correction #8852 (Pull Request Review): Clarify purpose of "Client Identifier" in DHCP static mapping: Jim Pingle
08:31 AM Feature #13384 (Rejected): When Adding / Editing a Firewall Rule, the Interface option should default to the Interface from which you clicked on the Add/Edit link: I can't replicate what you are stating here.
If I go to any given tab in firewall rules and add a new rule or edit... Jim Pingle
08:02 AM pfSense Packages Bug #13380 (Feedback): OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client": Is this a problem in base or in the OpenVPN client export package? The issue was opened under base (not packages), bu... Jim Pingle
07:40 AM Bug #13376 (Rejected): Firewall ruleset fails to populate interface subnets/addresses if the internal interface names have been changed: The tags for assigned interfaces don't change like that. When changing the name of an interface it only changes the @... Jim Pingle
07:33 AM Bug #13375: Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring: It isn't valid to have both types on the same P1. I thought we already had checks that prevented ending up with the c... Jim Pingle
06:47 AM pfSense Packages Bug #12683 (Resolved): snort_get_vpns_list() does not include OpenVPN CSO: Tested on 22.05
OpenVPN CSO subnet/IP were successfully added as VPN Addresses into Snort Pass List
I marked th... Azamat Khakimyanov
04:16 AM pfSense Packages Bug #11693 (Resolved): IPv6 static routing fails: Tested on 22.05
When I setup FRR static route 240d::/20 via DHCPv6 interface I got correct static route in frr.con... Azamat Khakimyanov

07/31/2022

09:06 PM Feature #13382 (Pull Request Review): Packet Capture GUI with granular control: Louis B wrote in #note-7:
> Sometimes, I would like to monitor what is happening on multiple vlans = interfaces at t... Marcos M
11:03 AM Feature #13382: Packet Capture GUI with granular control: Sometimes, I would like to monitor what is happening on multiple vlans = interfaces at the same time. So I would be g... Louis B
02:35 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions: Thoughts: @ls -l /dev/cu.*@ will specifically show all available cu devices regardless of driver, which is what we ar... Chris Linstruth
02:15 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions: Jim Pingle wrote in #note-5:
> Updated in pfSense docs as well: https://gitlab.netgate.com/docs/pfSense-docs/-/commit... Ryan Coleman
11:21 AM pfSense Packages Bug #11681 (Resolved): FRR generates invalid BFD configuration after removing interfaces: Tested on 22.05
I wasn't able to reproduce this issue. After deleting interface which were chosen for BFD peer, I ... Azamat Khakimyanov
09:49 AM Bug #13386: service is work: MRT_DEL_MFC; Errno(49): Can't assign requested address: Version 2.6.0-RELEASE (amd64)
built on Mon Jan 31 19:57:53 UTC 2022
FreeBSD 12.3-STABLE
igmpproxy-0.3,1 Torstein Eide
09:45 AM Bug #13386 (New): service is work: MRT_DEL_MFC; Errno(49): Can't assign requested address: The service looks to be unable to work properly.
@
Jul 31 15:17:37 igmpproxy 80356 MRT_DEL_MFC; Errno(49): Can'... Torstein Eide

07/30/2022

09:38 PM pfSense Packages Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected: I tried to recreate this and got a different error message with the same Phase 1 settings:
Phase 1 Hash Algorithm ... Kris Phillips
09:20 PM pfSense Packages Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client": Can confirm the OpenVPN Export Utility does not specify tcp-client in it's config for clients to use, but instead def... Kris Phillips
07:12 PM Bug #7096: Unbound fails to start on boot if specific network devices are configured in the "Network Interfaces": unbound starts as expected with only two WAN connections set for outgoing network interfaces and only selected intern... Jordan G
06:53 PM pfSense Docs Correction #8852 (Feedback): Clarify purpose of "Client Identifier" in DHCP static mapping: Merge request liking to RFC for explanation:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/47/ Chris W
05:27 PM pfSense Docs New Content #12883 (Feedback): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH): Merge request:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/46/ Chris W
02:47 PM Bug #12543 (Closed): Deleteing a Outbound NAT rule gave me an empty rule and displayed php error in UI.: Alhusein Zawi
12:58 PM pfSense Docs New Content #13385 (Resolved): Add notice "A remote gateway address of '0.0.0.0' or '::' is not compatible with VTI, use an FQDN instead": https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure-p1.html#ike-endpoint-configuration
Remote Gateway
... Danilo Zrenjanin
12:30 PM Feature #13377: Option to configure a custom value for the PHP memory limit: Got it and checked, working as expected. Lev Prokofev

07/29/2022

07:10 PM Feature #13382: Packet Capture GUI with granular control: It's now fixed. Since it's currently still a work in progress, please leave feedback on the MR page if you have acces... Marcos M
02:35 PM Feature #13382: Packet Capture GUI with granular control: Promiscuous mode is on by default, as compared to previously where it is off by default, and turning it off doesn't s... Christopher Cope
04:03 PM Regression #13381: Software VLAN tagging does not work on ``ixgbe(4)`` interfaces: It looks like this issue still happens in FreeBSD Head. Though unlike in pfSense (FreeBSD 12) we can see outbound tra... Steve Wheeler
03:51 PM Feature #13384 (Rejected): When Adding / Editing a Firewall Rule, the Interface option should default to the Interface from which you clicked on the Add/Edit link: As a system admin adding/editing a Firewall Rule
I want to Add/Edit a Firewall Rule specifically against the Inter... Michael Cropper
03:09 PM Feature #8173: dhcp6c - RAW Options: I have added a PR with the changes of the dhcp6 client : https://github.com/pfsense/FreeBSD-ports/pull/1181
Until th... Paul M
02:12 PM Feature #13377: Option to configure a custom value for the PHP memory limit: The change only applies to the PHP used directly by pfSense, as they are set with config.inc.
For testing you can us... Christopher Cope
01:56 AM Feature #13377: Option to configure a custom value for the PHP memory limit: Seems no changes,
Set 256M
!clipboard-202207290952-dkowf.png!
Reboot,
checked with
echo ini_get("memory_... Lev Prokofev
12:26 PM Bug #11830: Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``: Konstantin Panchenko wrote in #note-12:
> I see the issue was closed by adding "-resp_text" option, however without ... Marcos M
11:55 AM Bug #13378 (Not a Bug): Captive portal - Uncaught Error: Call to undefined function pfSense_pf_cp_get_eth_pipes() in /etc/inc/captiveportal.inc:1660: That seems to be a failed upgrade - try reinstalling. If you are able to reproduce it reliably, feel free to provide ... Marcos M
10:28 AM Regression #13162: Upgrade does not work when using only IPv6 DNS servers: A couple of observations on this change, and the function in general. Firstly, there's a $nameservers variable being ... Jonathan Snell
09:27 AM Bug #13383: Certificates cannot be created via csr in the Certificate Manager: Sorry, 2.6 of course. Not 2.6.2 :-)
Seems src/usr/local/www/system_certmanager.php is also affected. B P
09:24 AM Bug #13383 (Rejected): Certificates cannot be created via csr in the Certificate Manager: Certificates cannot be created via csr in the Certificate Manager since version 2.6.2. The introduced regex seems to ... B P
05:49 AM pfSense Packages Regression #13002 (Resolved): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change: Tested:... Danilo Zrenjanin
04:39 AM pfSense Packages Bug #12869 (Resolved): Bind DNS Package AAAA filtering Broken on new ZFS Installs: Tested:... Danilo Zrenjanin
04:10 AM pfSense Plus Bug #13358 (Pull Request Review): Traffic to OpenVPN DCO RA clients above the first available tunnel IP address is incorrectly routed: https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/102
The issue here is that one of the assumptions ... Kristof Provost

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

08/27/2022

08/26/2022

08/25/2022

08/24/2022

08/23/2022

08/22/2022

08/21/2022

08/20/2022

08/19/2022

08/18/2022

08/17/2022

08/16/2022

08/15/2022

08/14/2022

08/13/2022

08/12/2022

08/11/2022

08/10/2022

08/09/2022

08/08/2022

08/07/2022

08/06/2022

08/05/2022

08/04/2022

08/03/2022

08/02/2022

08/01/2022

07/31/2022

07/30/2022

07/29/2022