pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162021-01-03T07:09:56ZpfSense bugtracker
Redmine pfSense - Feature #11213 (New): Option to mark gateway as down directly from Tablehttps://redmine.pfsense.org/issues/112132021-01-03T07:09:56ZStefano Mereghetti
<p>Hello<br />Sometimes it happened to me to put in down state a gateway that was part of a group of Gateways.<br />To do this, as the guide says, I need to edit the gateway, select the "Mark Gateway as Down" option, save and apply.<br />Is it possible to add an icon directly in the table that makes the steps to enable the "Mark Gateway as Down" option and then ask to apply?<br />At the moment there is only the icon to disable a gateway but this does not apply if it is part of a group.</p>
<p>Thanks<br />Ste</p> pfSense Packages - Bug #10152 (Resolved): Squid: "unexpected operator" error in squid rc scripthttps://redmine.pfsense.org/issues/101522020-01-03T03:41:46ZStefano Mereghetti
<p>Hello<br />with the last merge of Squid pkg for pf 2.4.5, if I do a manual restart using GUI interface, the service doesn't start.</p>
<pre>
Jan 3 10:36:35 php-fpm 5703 /rc.filter_configure_sync: [squid] Installed but not started. Not installing 'pfearly' rules.
Jan 3 10:36:31 php-fpm 5703 /rc.filter_configure_sync: [squid] Installed but not started. Not installing 'nat' rules.
Jan 3 10:36:28 check_reload_status Reloading filter
Jan 3 10:36:27 Squid_Alarm 82754 Reconfiguring filter...
Jan 3 10:36:24 Squid_Alarm 79826 Attempting restart...
Jan 3 10:36:24 Squid_Alarm 79661 Squid has exited. Reconfiguring filter.
Jan 3 10:35:25 check_reload_status Reloading filter
Jan 3 10:35:24 php-fpm 32652 /pkg_edit.php: [squid] Starting a proxy monitor script
</pre>
<p>From console:</p>
<pre>
[2.4.5-DEVELOPMENT][admin@local.lan]/root: /usr/local/etc/rc.d/squid.sh stop
[: /bin/ps auxw | /usr/bin/grep [s]quid: unexpected operator
[2.4.5-DEVELOPMENT][admin@local.lan]/root:
[2.4.5-DEVELOPMENT][admin@local.lan]/root: /usr/local/etc/rc.d/squid.sh start
[: /bin/ps auxw | /usr/bin/grep [s]quid: unexpected operator
</pre>
<p>If I reboot the PF, the service start.</p>
<p>Regards</p> pfSense - Feature #10147 (Duplicate): Separators in Nat Outbound viewhttps://redmine.pfsense.org/issues/101472020-01-02T02:48:32ZStefano Mereghetti
<p>I consider the use of separators in Rules and Nat very useful.<br />I would like to ask if it is possible to implement them also in the Firewall --> NAT --> Outbound section in case you have chosen the Manual Outbound NAT rule generation.<br />Thank you</p>
<p>Regards</p> pfSense Packages - Bug #9988 (Duplicate): Squid - SSL Inspectionhttps://redmine.pfsense.org/issues/99882019-12-20T05:31:56ZStefano Mereghetti
<p>Hello<br />with 2.4.5 snapshot, I tried to enable SSL inspection using an OLD CA and a new CA.<br />The result is:</p>
<pre>
20.12.2019 12:19:35 FATAL: The /usr/local/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048 helpers are crashing too rapidly, need help!
20.12.2019 12:19:35 WARNING: /usr/local/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048 #Hlpr1 exited
20.12.2019 12:19:35 pinger: Initialising ICMP pinger ...
20.12.2019 12:19:35 ipcCreate: /usr/local/libexec/squid/ssl_crtd: (2) No such file or directory
20.12.2019 12:19:35 ipcCreate: /usr/local/libexec/squid/ssl_crtd: (2) No such file or directory
</pre>
<p>I verified that /usr/local/libexec/squid/ssl_crtd doesn't exist and also /var/squid/lib/ssl_db<br />For test, I used the following command to generate the cache table:</p>
<pre>
/usr/local/libexec/squid/security_file_certgen -c -s /var/squid/lib/ssl_db -M 4MB -b 2048
Initialization SSL db...
Done
</pre>
<p>It generates the DB but after appear:</p>
<pre>
20.12.2019 12:20:23 Squid Cache (Version 4.9): Terminated abnormally.
01.01.1970 01:00:00
20.12.2019 12:20:23 FATAL: Ipc::Mem::Segment::open failed to shm_open(/var/run/squid/tls_session_cache.shm): (2) No such file or directory
</pre>
<p>If I stop the Squid service and I restart it, /var/squid/lib/ssl_db /var/squid/lib/ssl_db is cleaned and deleted.<br />If I disable the SSL MITM, Squid start without errors.</p>
<p>Regards</p>