https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162017-03-15T09:23:33ZpfSense bugtrackerpfSense Packages - Bug #7391: 0.4.36_1 localnet ACL missinghttps://redmine.pfsense.org/issues/7391?journal_id=321862017-03-15T09:23:33ZKill Bill
<ul></ul><p>Kindly tick "Allow local network(s) on interface(s)" if you want such ACL.</p> pfSense Packages - Bug #7391: 0.4.36_1 localnet ACL missinghttps://redmine.pfsense.org/issues/7391?journal_id=321872017-03-15T09:23:49Ztqwqllrm tqwqllrm
<ul></ul><p>Additional information: The pfSense box is running OpenVPN so this may be a problem with this version of squid not being able to define localnet on a multi-interface pfSense platform</p> pfSense Packages - Bug #7391: 0.4.36_1 localnet ACL missinghttps://redmine.pfsense.org/issues/7391?journal_id=321892017-03-15T09:25:57Ztqwqllrm tqwqllrm
<ul></ul><p>Kill Bill wrote:</p>
<blockquote>
<p>Kindly tick "Allow local network(s) on interface(s)" if you want such ACL.</p>
</blockquote>
<p>This is already ticked / enabled. More detail: I need localnet defined because I use "never_direct allow localnet" in "General / Advanced Options" to force clients through the pfSense squid proxy which itself uses an upstream parent. Since the upgrade to the squid package it is now not seeing localnet in /usr/local/etc/squid/squid.conf</p> pfSense Packages - Bug #7391: 0.4.36_1 localnet ACL missinghttps://redmine.pfsense.org/issues/7391?journal_id=321902017-03-15T09:28:47ZKill Bill
<ul></ul><p>Look, you need either non-empty local interface, or fill in Allowed Subnets on the ACLs tab. Please, use forums for discussion, this is a bug tracker.</p> pfSense Packages - Bug #7391: 0.4.36_1 localnet ACL missinghttps://redmine.pfsense.org/issues/7391?journal_id=321932017-03-15T09:35:34Ztqwqllrm tqwqllrm
<ul></ul><p>Kill Bill wrote:</p>
<blockquote>
<p>Look, you need either non-empty local interface, or fill in Allowed Subnets on the ACLs tab. Please, use forums for discussion, this is a bug tracker.</p>
</blockquote>
<p>It is a bug, introduced since version 0.4.36_1. Perhaps I haven't explained it enough but I have a workaround. Hopefully someone else will submit the same bug and provide whatever information is required for proper investigation.</p> pfSense Packages - Bug #7391: 0.4.36_1 localnet ACL missinghttps://redmine.pfsense.org/issues/7391?journal_id=321942017-03-15T09:39:29ZKill Bill
<ul></ul><p>No, it's not, noone touched the relevant code for years.</p>
<p><a class="external" href="https://github.com/pfsense/FreeBSD-ports/blame/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc#L1340">https://github.com/pfsense/FreeBSD-ports/blame/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc#L1340</a><br /><a class="external" href="https://github.com/pfsense/FreeBSD-ports/blame/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc#L1866">https://github.com/pfsense/FreeBSD-ports/blame/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc#L1866</a><br /><a class="external" href="https://github.com/pfsense/FreeBSD-ports/blame/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc#L1931">https://github.com/pfsense/FreeBSD-ports/blame/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc#L1931</a></p>
<p>And here are the changes between 0.4.36 and 0.4.36_1:<br /><a class="external" href="https://github.com/pfsense/FreeBSD-ports/pull/313/files">https://github.com/pfsense/FreeBSD-ports/pull/313/files</a></p>
<p>Kindly use the forums for discussion.</p> pfSense Packages - Bug #7391: 0.4.36_1 localnet ACL missinghttps://redmine.pfsense.org/issues/7391?journal_id=322142017-03-15T15:30:36ZKill Bill
<ul></ul><p>And FYI regarding the OpenVPN: <a class="external" href="https://redmine.pfsense.org/issues/4331">https://redmine.pfsense.org/issues/4331</a> (IOW, it will never be auto-added to localnet since it would only add invalid junk. Any OpenVPN subnets need to be added manually to Allowed Subnets on the ACLs tab, as already noted above.)</p> pfSense Packages - Bug #7391: 0.4.36_1 localnet ACL missinghttps://redmine.pfsense.org/issues/7391?journal_id=322182017-03-15T18:07:57Ztqwqllrm tqwqllrm
<ul></ul><p>Kill Bill wrote:</p>
<blockquote>
<p>And FYI regarding the OpenVPN: <a class="external" href="https://redmine.pfsense.org/issues/4331">https://redmine.pfsense.org/issues/4331</a> (IOW, it will never be auto-added to localnet since it would only add invalid junk. Any OpenVPN subnets need to be added manually to Allowed Subnets on the ACLs tab, as already noted above.)</p>
</blockquote>
<p>FYI it worked fine before I upgraded to 0.4.36_1</p> pfSense Packages - Bug #7391: 0.4.36_1 localnet ACL missinghttps://redmine.pfsense.org/issues/7391?journal_id=335992017-08-22T11:31:33ZKill Bill
<ul></ul><p>As noted in <a class="external" href="https://redmine.pfsense.org/issues/7391#note-7">https://redmine.pfsense.org/issues/7391#note-7</a> the OpenVPN interfaces are not added by design since it adds invalid information that does not and cannot work (see Bug <a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: Issue with VPN interface within Squid 3.4 for Transparent Proxy (Resolved)" href="https://redmine.pfsense.org/issues/4331">#4331</a>).</p>
<p>Close please, there's no bug here.</p> pfSense Packages - Bug #7391: 0.4.36_1 localnet ACL missinghttps://redmine.pfsense.org/issues/7391?journal_id=336012017-08-22T11:39:15ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Not a Bug</i></li><li><strong>Priority</strong> changed from <i>High</i> to <i>Normal</i></li><li><strong>Affected Version</strong> deleted (<del><i>2.3.3</i></del>)</li></ul>