pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162024-01-24T23:57:32ZpfSense bugtracker
Redmine pfSense Plus - Feature #15186 (New): Test DNS over TLShttps://redmine.pfsense.org/issues/151862024-01-24T23:57:32ZJeff Kuehl
<p>The ability to readily confirm TLS DNS would be established once saved.</p> pfSense Packages - Feature #14890 (New): dtlspipe packagehttps://redmine.pfsense.org/issues/148902023-10-17T13:24:33Zyon Liuinfo@ipv6china.com
<p>This is a DTSL tool that has been tested and used. It can add DTLS support to almost all UDP. It is especially suitable for applications that are sensitive to network delays.<br />I have asked the author to add support for various systems. If you need help, we can contact the author.</p>
<p><a class="external" href="https://github.com/Snawoot/dtlspipe">https://github.com/Snawoot/dtlspipe</a></p> pfSense Packages - Feature #14787 (New): Feature request - Freeradius post-auth custom optionshttps://redmine.pfsense.org/issues/147872023-09-16T14:34:03ZMarcelo Cury
<p>I would like to check if it is possible to add a custom options field for post-auth in Freeradius package.<br />This would open so many possibilities; <a class="external" href="https://freeradius.org/radiusd/man/unlang.html">https://freeradius.org/radiusd/man/unlang.html</a></p>
I'm currently using unlang policies with freeradius package in Ubuntu, and with it I'm able to allow users to connect or not, based on their AD group.
<ul>
<li>If the user is member of the AD <strong>wifi_users</strong> group, ok to connect to wifi enterprise.</li>
<li>If the user is member of the AD <strong>openvpn</strong> group, ok to can connect to openvpn.</li>
<li>If the user is member of the AD <strong>pfsense_admins</strong> group, they can manage pfsense.</li>
<li>If the user is member of the AD <strong>pfsense_monitors</strong> group, they can access some options in pfsense GUI.</li>
</ul>
<p>and so on...</p>
<p>Granularity like this would be very welcome to the pfsense's freeradius package.</p>
<p>Policies would be included after Post-Auth-Type Challenge as per below example in a file inside <strong>sites-enabled</strong> folder.</p>
<p>Example:<br /><pre>
...
# Filter access challenges.
#
Post-Auth-Type Challenge {
# remove_reply_message_if_eap
# attr_filter.access_challenge.post-auth
}
#start pfsense GUI
if (LDAP-Group == "pfsense_admins" && NAS-Identifier == "webConfigurator-pfsense.home.arpa") {
update {
reply:Class := "pfsense_admins"
}
noop
}
elsif (LDAP-Group == "pfsense_monitors" && NAS-Identifier == "webConfigurator-pfsense.home.arpa") {
update {
reply:Class := "pfsense_monitors"
}
noop
}
else {
reject
}
}
...
</pre></p>
<p>I would also like to suggest an option to create new sites in <strong>sites-enabled/</strong> folder, to speed up things using a file for each NAS client, very welcome for larger deployments.</p> pfSense Plus - Feature #14133 (New): Exporting and Importing - Change Layouthttps://redmine.pfsense.org/issues/141332023-03-20T03:47:01ZSteven Cedrone
<p>Please change Backup & Restore to allow for choosing only what areas you want to import/export without having to do it one area at a time.</p>
<p>The drop down-style boxes for "Backup Area" and "Restore Area" should allow you to hold CTRL and choose multiple areas at a time. Or change the drop-down boxes to scrolling boxes similar to other Areas of PfSense when you select Multiple WAN or LAN connections in PfBlocker for example.</p>
<p>This would be quite handy for exporting partial settings for new setup-up's without having to do it area by area.</p> pfSense Plus - Regression #14080 (New): Installer fails to install to a geom mirrorhttps://redmine.pfsense.org/issues/140802023-03-07T18:12:14ZSteve Wheeler
<p>The 23.01 installer fails to create the expected mount points when trying to reinstall UFS to an existing gmirror.</p>
<p>It also cannot create the expected partitions using 'auto' to a new geom mirror.</p> pfSense Plus - Feature #12832 (New): 6100 configurable Blinking Blue LED https://redmine.pfsense.org/issues/128322022-02-19T11:56:10Zshawn butts
<p>The blinking blue like for "normal operation status" feels like an "everything is ok ALARM!!!!"</p>
<p>I'd like to see an option to either make it solid blue for "normal" or disable the LED altogether.</p> pfSense Plus - Bug #12759 (New): Proprietary packages link to non-existant or non-public github p...https://redmine.pfsense.org/issues/127592022-02-05T19:22:11ZKris Phillips
<p>When clicking on the version number to view the code for packages like openvpn-import and aws-wizard, these link to a non-existant Github page (or one that is private). We should probably add a way to just remove these links on proprietary packages for pfSense Plus.</p>
<p>For example, aws-wizard links to <a class="external" href="https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-aws-wizard">https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-aws-wizard</a> which is an invalid path.</p> pfSense Packages - Feature #11931 (New): Add support for validating a domain's ownership via Goog...https://redmine.pfsense.org/issues/119312021-05-17T08:09:13ZAlex Cazacu
<p>Add support for validating a domain's ownership via Google Cloud Cloud DNS.</p>
<p>Support for Google Cloud Cloud DNS is already implemented in the <a href="https://github.com/acmesh-official/acme.sh" class="external">acme-official/acme-sh</a>. See <a href="https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_gcloud.sh" class="external">dns_gcloud.sh</a>.</p>
The associated script <a href="https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_gcloud.sh" class="external">documentation</a> omits to mention that authenticating and configuring <code>gcloud</code> can be performed in a non-interactive way by:
<ol>
<li>Creating a Google Cloud service account key: <a href="https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys" class="external">documentation</a>.</li>
<li>Authenticating <code>gcloud</code> with the created service account key: <a href="https://cloud.google.com/sdk/docs/authorizing#authorizing_with_a_service_account" class="external">documentation</a>.</li>
<li>Configuring <code>gcloud</code>: via <code>gcloud config set</code> - <a href="https://cloud.google.com/sdk/docs/properties#setting_properties;" class="external">documentation</a> via environment variables: <a href="https://cloud.google.com/sdk/docs/properties#setting_properties_via_environment_variables" class="external">documentation</a>.</li>
</ol> pfSense Packages - Bug #11650 (New): FRR configuration broken on restore of manually edited FRR c...https://redmine.pfsense.org/issues/116502021-03-10T06:51:58ZAndrew Green
<p>SG-3100<br />21.02-RELEASE-p1 (arm)<br />built on Mon Feb 22 09:38:52 EST 2021</p>
<p>FRR package version 1.1.0_8</p>
<p>I could not find any instructions to remove all of a package's configuration so I did this:</p>
<p>- Made a config backup<br />- Edited the config xml and remove the FRR config references but left the package sections in place with empty <config></config> sections inside.<br />- Restored the config<br />- Router rebooted and reinstalled packages<br />- Went to reconfigure FRR and it broke sometimes when saving the settings.<br />- I managed to make the error go away after adding and deleting a prefix list.<br />- Here is the PHP error:<br /><pre>
arm
12.2-STABLE
FreeBSD 12.2-STABLE 0e42b7d7eac(HEAD) pfSense-SG-3100
Crash report details:
PHP Errors:
[09-Mar-2021 21:46:49 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:295
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(758): frr_zebra_generate_prefixlists(true, false)
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 295
[09-Mar-2021 21:47:15 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:295
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(758): frr_zebra_generate_prefixlists(true, false)
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 295
[09-Mar-2021 21:47:30 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:295
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(758): frr_zebra_generate_prefixlists(true, false)
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 295
[09-Mar-2021 21:47:36 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:295
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(758): frr_zebra_generate_prefixlists(true, false)
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 295
[09-Mar-2021 21:49:51 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:262
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(764): frr_zebra_generate_aspaths()
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 262
[09-Mar-2021 21:49:55 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:262
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(764): frr_zebra_generate_aspaths()
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 262
[09-Mar-2021 21:50:03 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:262
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(764): frr_zebra_generate_aspaths()
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg.php(140) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg.php(140): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 262
No FreeBSD crash data found.
</pre></p> pfSense Packages - Feature #10377 (New): Allow usage of TOTP (Google-Authenticator) without PINhttps://redmine.pfsense.org/issues/103772020-03-26T09:10:59ZAndreas Heckmannaheckmann@m-s.de
<p>Currently it is not possible to create a radius user with TOTP enabled without entering an additional pin.<br />So to authentiate as that user, you have to enter the minimum 4 digit pin + 6 digit TOTP as password.</p>
<p>For scenarios like "openvpn ssl/tls with userauth", it would be much more user friendly to only use the TOTP without an additional pin.<br />First factor ist the cert, second factor the totp-secret from the phone.</p>
<p>So it would be nice to allow an empty entry for the pin on the create/modify-user page if totp (Google Authenticator) mode is used <br />and to modify the totp-check to handle the case when no password is set.</p> pfSense Packages - Feature #10358 (New): Stage FRR Configuration Changeshttps://redmine.pfsense.org/issues/103582020-03-19T02:23:09ZLuki TJ
<p>Changes made to the configuration on any FRR Component are applied immediate when hitting the save button. If a large number of changes are necessary, for example to multiple BGP-Neighbor or OSPF Interface configurations, it would trigger massive re-convergence in the Network Infrastructure when it is done in a short period of time. This may impact the availability of large Network topologies. Also, there may be scenarios where it is necessary to change Routing configuration parameters on multiple parts at once to minimize outage or even to ensure connectivity to the Management of the Firewall afterwards, in case there is no management access within a direct connect subnet available.</p>
<p>Long Story short: A consistent runtime configuration of a dynamic routing protocol is important to ensure the availability of any Network. A better approach would be to stage configuration changes and implement an "Apply Changes" Button, like it's done in other configuration sections of pfSense.</p> pfSense Packages - Feature #9725 (New): Ability to use template variables in acme packagehttps://redmine.pfsense.org/issues/97252019-09-04T04:59:00ZTobi Miller
<p>would be very helpful to be able to use variables in acme package action section<br />Using variables something like that would be possible as action</p>
<p><code>sed -n w/tmp/acme/%NAME/%DOMAIN/%DOMAIN.pem /tmp/acme/%NAME/%DOMAIN/%DOMAIN.key /tmp/acme/%NAME/%DOMAIN/%DOMAIN.cer</code></p>
<p>that would make the actions very portable if one needs another domain with the same actions: just clone the record in acme package, change values (like name and domain) and hit save. <br />Would save a lot of time and possible errors due to typos when replacing the domain in the action</p> pfSense Packages - Feature #9141 (New): FRR xmlrpc https://redmine.pfsense.org/issues/91412018-11-21T08:22:54ZChris Macmahon
<p>FRR seems to be missing the option to sync the config viar XLMRPC.</p> pfSense Packages - Feature #8161 (New): Add virtual server support to FreeRadiushttps://redmine.pfsense.org/issues/81612017-12-04T18:53:44ZVictor Hooi
<p>It's great and super convenient that the FreeRadius server is included as a package with pfSense.</p>
<p>I currently use this to provide WPA-Enterprise authentication with my Ubiquiti Unifi access points.</p>
<p>However, it would be fantastic if we could add virtual server support via the online GUI - this is a key feature in FreeRadius, and lets you setup multiple lists of users (e.g. for different WiFi SSIDs).</p>
<p>This person has tried to hack around the lack of support:</p>
<p><a class="external" href="https://forum.pfsense.org/index.php?topic=126862.0">https://forum.pfsense.org/index.php?topic=126862.0</a></p>
<p>but that breaks every time you update via the GUI.</p> pfSense Packages - Feature #7608 (New): Captive Portal amount of traffic Account + Free Radius+M...https://redmine.pfsense.org/issues/76082017-05-28T01:47:49Zmohsen abbaspour
<p>limitation on amount of traffic does not work when used CP and Free Radiusand and Mysql to gether </p>
<pre><code>It seams that captive does not count amount of Traffic</code></pre>