pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162022-12-07T11:33:09ZpfSense bugtracker
Redmine pfSense - Feature #13732 (New): Allow the use of macros within aliaseshttps://redmine.pfsense.org/issues/137322022-12-07T11:33:09ZLuc Courville
<p>Because of limitation of IPv6 at the current way. (Traffic is allow between Vlan) I found a solution but this will be better if we can have more flexibility.</p>
<p>Can you make the option to create an Alias with Interface net and interface address.(drop down list) (same as when we create rules in destination drop down list) (ex: This Firewall, any, Alias or host, interface_name net....)<br />That way when we create a alias we choose Lan net, dmz net....<br />After that we can create a any rules with that alias.</p>
<p>There is my workaround about ipv6 traffic. <br /><img src="https://redmine.pfsense.org/attachments/download/4558/clipboard-202212071225-g4pv3.png" alt="" /><br />I create an interface group and add all local net. (Dynamic ipv6 from ISP)<br />Then create all rules for my need and it seem to work.</p>
<p>All other tab is reserved to IPv4 only.</p>
<p>If we can have alias as request the correct rules could be in tab interface instead of having lots of deny rules.</p>
<p>Best way to have the same behavior as we have in ipv4 (block all communication between vlan).</p> pfSense Plus - Feature #12832 (New): 6100 configurable Blinking Blue LED https://redmine.pfsense.org/issues/128322022-02-19T11:56:10Zshawn butts
<p>The blinking blue like for "normal operation status" feels like an "everything is ok ALARM!!!!"</p>
<p>I'd like to see an option to either make it solid blue for "normal" or disable the LED altogether.</p> pfSense Docs - New Content #12805 (New): Add documentation about what triggers a notficationhttps://redmine.pfsense.org/issues/128052022-02-15T17:10:01ZLogan Marchione
<p>I just setup notifications in pfSense and can't find any documentation on the page below to show what sort of actions trigger a notification. <br /><a class="external" href="https://docs.netgate.com/pfsense/en/latest/config/advanced-notifications.html">https://docs.netgate.com/pfsense/en/latest/config/advanced-notifications.html</a></p>
<p>It seems this is a semi-common problem. <br /><a class="external" href="https://www.reddit.com/r/PFSENSE/comments/ar3w9l/pfsense_email_notifications/">https://www.reddit.com/r/PFSENSE/comments/ar3w9l/pfsense_email_notifications/</a> <br /><a class="external" href="https://www.reddit.com/r/PFSENSE/comments/l6lil3/how_to_configure_whatwhen_for_email_notifications/">https://www.reddit.com/r/PFSENSE/comments/l6lil3/how_to_configure_whatwhen_for_email_notifications/</a></p>
<p>Am I missing something, or is this documentation hidden somewhere? Ideally, I'd like a giant list of checkboxes to turn on/off notifications for things, but I'd take just a plaintext list of what will trigger a notification. Right now, I'm searching GitHub to see what triggers <strong>notify_all_remote</strong>.<br /><a class="external" href="https://github.com/pfsense/pfsense/search?q=notify_all_remote">https://github.com/pfsense/pfsense/search?q=notify_all_remote</a></p> pfSense Docs - New Content #12804 (New): Add documentation for Slack notificationshttps://redmine.pfsense.org/issues/128042022-02-15T16:59:18ZLogan Marchione
<p>I saw in the issue below that support for notifications via Slack was added to 2.6.0. <br /><a class="external" href="https://redmine.pfsense.org/issues/12291">https://redmine.pfsense.org/issues/12291</a></p>
<p>However, I don't see matching docs on this page. Can these be added? <br /><a class="external" href="https://docs.netgate.com/pfsense/en/latest/config/advanced-notifications.html">https://docs.netgate.com/pfsense/en/latest/config/advanced-notifications.html</a></p> pfSense - Feature #12521 (New): Add the BBR2, QUIC, RACK Congestion Control (CC) protocolshttps://redmine.pfsense.org/issues/125212021-11-12T21:11:13ZSergei Shablovsky
<p>Changing character of traffic in last 5-7 years powered extremely by the fact that <br />- 80%+ of users using mobile devices (smartphones and tablets);<br />- IoT and SmartHome technologies become widely using</p>
<p>create request for modern, more effective Congestion Control (CC) technologies.</p>
<p>And this is the time where BBR2, QUIC, RACK protocols come in. Some of them already integrated in most popular nix base distributives.</p>
<p>Some of proofs are here <a class="external" href="https://forum.netgate.com/post/1009051">https://forum.netgate.com/post/1009051</a> and in this tread <a class="external" href="https://forum.netgate.com/topic/163744/any-chances-to-get-netflix-s-open-connect-appliance-oca-tcp-code-rack-and-bbr-into-pfsense">https://forum.netgate.com/topic/163744/any-chances-to-get-netflix-s-open-connect-appliance-oca-tcp-code-rack-and-bbr-into-pfsense</a>
==============================================================</p>
<p>Because the pfSense are a “heart” of any business or private network, better to add ability to be able using BBR2, QUIC, RACK protocols in a pfSense-tuned version of FreeBSD.</p>
<p>==============================================================<br />Useful Links<br />BBR - <a class="external" href="https://github.com/Netflix/tcplog_dumper">https://github.com/Netflix/tcplog_dumper</a><br />RACK / SACK - <a class="external" href="https://forums.freebsd.org/threads/tcp-rack-and-sack.80633/">https://forums.freebsd.org/threads/tcp-rack-and-sack.80633/</a><br />QUIC - <a class="external" href="https://www.reddit.com/r/PFSENSE/comments/ajs0qy/quic_protocol/">https://www.reddit.com/r/PFSENSE/comments/ajs0qy/quic_protocol/</a></p> pfSense Docs - Todo #12457 (New): Add UPS Configuration Recipes for apcupsd and nut UPS Packages ...https://redmine.pfsense.org/issues/124572021-10-14T12:53:43ZKris Phillips
<p>A customer requested that we add some basic "how to" recipes to the pfSense docs for basic operations in the apcupsd and nut UPS packages for common brands of UPS units.</p>
<p>This would include configuration examples for the various brands (with a note that some differences may exist by model), some basic automatic start up and shutdown configuration, etc.</p> pfSense Docs - New Content #12402 (New): Add recipe for configuring Telegram to receive notificat...https://redmine.pfsense.org/issues/124022021-09-24T00:46:30ZViktor Gurov
<p><strong>Page:</strong> <a class="external" href="https://docs.netgate.com/pfsense/en/latest/config/advanced-notifications.html">https://docs.netgate.com/pfsense/en/latest/config/advanced-notifications.html</a></p>
<p><strong>Feedback:</strong></p>
<p>How to configure Telegram notifications:<br />1) Find the bot BotFather<br />2) Add a new bot with the commands: "/newbot", <botname>, <botusername> (must end in 'bot'),<br />save the API Token value<br />see <a class="external" href="https://core.telegram.org/bots#creating-a-new-bot">https://core.telegram.org/bots#creating-a-new-bot</a> and screenshot<br />3) Create a new private chat and add a new bot to it with the "Post messages" privilege<br />4) How to get private chat id:<br />4.1) First way:<br />Just send to the bot your invite link to your private channel<br />and check it with <a class="external" href="https://api.telegram.org/bot&lt;BOT_TOKEN&gt;/getUpdates">https://api.telegram.org/bot&lt;BOT_TOKEN&gt;/getUpdates</a>:<br /><pre>
{"ok":true,"result":[{"update_id":191337144,
"my_chat_member":{"chat":{"id":-1001550670765,"title":"myprivatetest","type":"channel"},"from":
</pre><br />4.2) Second way:<br />- You should convert your channel to public with some @channelName<br />- Send message to this channel through Bot API: <a class="external" href="https://api.telegram.org/bot111:222/sendMessage?chat_id=@channelName&text=123">https://api.telegram.org/bot111:222/sendMessage?chat_id=@channelName&text=123</a><br />- As response you will get info with chat_id of your channel:<br /><pre>
{ "ok" : true, "result" : { "chat" : { "id" : -1001005582487, "title" : "Test Private Channel", "type" : "channel" }, "date" : 1448245538, "message_id" : 7, "text" : "123ds" } }
</pre><br />- Now you can convert Channel back to private (by deleting channel's link) and send message directly to this chat_id "-1001005582487"</p> pfSense - Todo #12025 (New): Add 1:1 Validation to Notify Someone They are 1:1 NAT'ing an Interfa...https://redmine.pfsense.org/issues/120252021-06-10T17:34:03ZKris Phillips
<p>Although it is VERY rarely necessary, we should add a banner to the top of the 1:1 NAT page notifying end users that they have just 1:1 NAT'ed the WAN interface address and this is usually not recommended due to connectivity issues for dpinger, IPSec, etc. that may occur. Often we see users 1:1 NAT their WAN address out of lack of experience/understanding. Additionally, this should be useful if there was a way to verify against an HA member as well or CARP VIP as it can sometimes be easy to forget that your secondary unit is using the 1:1 NAT address you just configured on the primary and pushed it to the secondary (which then causes gateway monitoring to fail on that interface).</p> pfSense Packages - Feature #11931 (New): Add support for validating a domain's ownership via Goog...https://redmine.pfsense.org/issues/119312021-05-17T08:09:13ZAlex Cazacu
<p>Add support for validating a domain's ownership via Google Cloud Cloud DNS.</p>
<p>Support for Google Cloud Cloud DNS is already implemented in the <a href="https://github.com/acmesh-official/acme.sh" class="external">acme-official/acme-sh</a>. See <a href="https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_gcloud.sh" class="external">dns_gcloud.sh</a>.</p>
The associated script <a href="https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_gcloud.sh" class="external">documentation</a> omits to mention that authenticating and configuring <code>gcloud</code> can be performed in a non-interactive way by:
<ol>
<li>Creating a Google Cloud service account key: <a href="https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys" class="external">documentation</a>.</li>
<li>Authenticating <code>gcloud</code> with the created service account key: <a href="https://cloud.google.com/sdk/docs/authorizing#authorizing_with_a_service_account" class="external">documentation</a>.</li>
<li>Configuring <code>gcloud</code>: via <code>gcloud config set</code> - <a href="https://cloud.google.com/sdk/docs/properties#setting_properties;" class="external">documentation</a> via environment variables: <a href="https://cloud.google.com/sdk/docs/properties#setting_properties_via_environment_variables" class="external">documentation</a>.</li>
</ol> pfSense Packages - Bug #11493 (New): After upgrade zabbix proxy wont starthttps://redmine.pfsense.org/issues/114932021-02-21T05:31:00ZPim Janssen
<p>Due to database changes between zabbix-proxy versions. The proxy database needs to be removed after upgrading else the proxy service won't start.</p>
<p>Workaround <br />manual remove database /var/db/zabbix-proxy/proxy.db</p> pfSense Packages - Feature #10377 (New): Allow usage of TOTP (Google-Authenticator) without PINhttps://redmine.pfsense.org/issues/103772020-03-26T09:10:59ZAndreas Heckmannaheckmann@m-s.de
<p>Currently it is not possible to create a radius user with TOTP enabled without entering an additional pin.<br />So to authentiate as that user, you have to enter the minimum 4 digit pin + 6 digit TOTP as password.</p>
<p>For scenarios like "openvpn ssl/tls with userauth", it would be much more user friendly to only use the TOTP without an additional pin.<br />First factor ist the cert, second factor the totp-secret from the phone.</p>
<p>So it would be nice to allow an empty entry for the pin on the create/modify-user page if totp (Google Authenticator) mode is used <br />and to modify the totp-check to handle the case when no password is set.</p> pfSense Packages - Bug #10265 (New): Adding a Note with malformed title will force system restorehttps://redmine.pfsense.org/issues/102652020-02-17T14:27:22ZYuri Weinstein
<p>This is related to using Notes package.</p>
<p>Add a new note with title</p>
<p>"Add/Change/Set the custom resolution of your display using xrandr on Ubuntu 18.04 — {In a minute}"</p>
<p>(I am not sure why this particular string causes a problem, but it does) and anything in the notes body</p>
<p>Click on Save => notice that the note was not added and pfSense System Notices show a new warning:</p>
<p>"pfSenseConfigurator<br />pfSense is restoring the configuration /cf/conf/backup/config-1581970855.xml @ 2020-02-17 12:21:23"</p> pfSense Packages - Feature #9725 (New): Ability to use template variables in acme packagehttps://redmine.pfsense.org/issues/97252019-09-04T04:59:00ZTobi Miller
<p>would be very helpful to be able to use variables in acme package action section<br />Using variables something like that would be possible as action</p>
<p><code>sed -n w/tmp/acme/%NAME/%DOMAIN/%DOMAIN.pem /tmp/acme/%NAME/%DOMAIN/%DOMAIN.key /tmp/acme/%NAME/%DOMAIN/%DOMAIN.cer</code></p>
<p>that would make the actions very portable if one needs another domain with the same actions: just clone the record in acme package, change values (like name and domain) and hit save. <br />Would save a lot of time and possible errors due to typos when replacing the domain in the action</p> pfSense Packages - Feature #8161 (New): Add virtual server support to FreeRadiushttps://redmine.pfsense.org/issues/81612017-12-04T18:53:44ZVictor Hooi
<p>It's great and super convenient that the FreeRadius server is included as a package with pfSense.</p>
<p>I currently use this to provide WPA-Enterprise authentication with my Ubiquiti Unifi access points.</p>
<p>However, it would be fantastic if we could add virtual server support via the online GUI - this is a key feature in FreeRadius, and lets you setup multiple lists of users (e.g. for different WiFi SSIDs).</p>
<p>This person has tried to hack around the lack of support:</p>
<p><a class="external" href="https://forum.pfsense.org/index.php?topic=126862.0">https://forum.pfsense.org/index.php?topic=126862.0</a></p>
<p>but that breaks every time you update via the GUI.</p> pfSense - Feature #6804 (New): Add row counter into Diagnostics -> Edit Filehttps://redmine.pfsense.org/issues/68042016-09-21T21:23:13ZTCI User
<p>Will be extremely helpful if the rows in the Diagnostics -> Edit File window are presented with a number.</p>
<p>In this case you cannot get lost while scrolling up and down into a file.</p>
<p>NOTE: As a work around at the moment I copy the file into my external text editor (Notepad++), make the necessary changes and then copy it back.</p>