pfSense bugtracker: Issues | https://redmine.pfsense.org/ | 2024-01-24T23:57:32Z | pfSense bugtracker | Redmine
pfSense Plus - Feature #15186 (New): Test DNS over TLS | https://redmine.pfsense.org/issues/15186 | 2024-01-24T23:57:32Z | Jeff Kuehl
<p>The ability to readily confirm TLS DNS would be established once saved.</p>
pfSense Packages - Regression #15159 (Confirmed): XMLRPC Replication Target required even if not ... | https://redmine.pfsense.org/issues/15159 | 2024-01-12T23:40:15Z | Steve Y
<p>On page Firewall/pfBlockerNG/Sync if "Sync to configured system backup server" is selected, "XMLRPC Replication Targets" > "Target IP/Hostname" is still a required field.</p>
pfSense Packages - Regression #15064 (Confirmed): Status menu entry for APCUPSD leads to settings... | https://redmine.pfsense.org/issues/15064 | 2023-12-05T10:50:58Z | odo maitre
<p>If you call services/apcupsd in the GUI you get the same result as if you call status/apcupsd. Both times you get the configuration menu (pkg_edit.php?xml=apcupsd.xml) (should be "apcupsd_status.php" when calling status/apcupsd).<br />I guess there is something wrong.</p>
pfSense Packages - Feature #14890 (New): dtlspipe package | https://redmine.pfsense.org/issues/14890 | 2023-10-17T13:24:33Z | yon Liu | info@ipv6china.com
<p>This is a DTLS tool that has been tested and used. It can add DTLS support to almost all UDP. It is especially suitable for applications that are sensitive to network delays.<br />I have asked the author to add support for various systems. If you need help, we can contact the author.</p>
<p><a class="external" href="https://github.com/Snawoot/dtlspipe">https://github.com/Snawoot/dtlspipe</a></p>
pfSense Packages - Feature #14787 (New): Feature request - Freeradius post-auth custom options | https://redmine.pfsense.org/issues/14787 | 2023-09-16T14:34:03Z | Marcelo Cury
<p>I would like to check if it is possible to add a custom options field for post-auth in Freeradius package.<br />This would open so many possibilities; <a class="external" href="https://freeradius.org/radiusd/man/unlang.html">https://freeradius.org/radiusd/man/unlang.html</a></p>
I'm currently using unlang policies with freeradius package in Ubuntu, and with it I'm able to allow users to connect or not, based on their AD group.
<ul>
<li>If the user is a member of the AD <strong>wifi_users</strong> group, ok to connect to wifi enterprise.</li>
<li>If the user is a member of the AD <strong>openvpn</strong> group, ok to connect to openvpn.</li>
<li>If the user is a member of the AD <strong>pfsense_admins</strong> group, they can manage pfsense.</li>
<li>If the user is a member of the AD <strong>pfsense_monitors</strong> group, they can access some options in pfsense GUI.</li>
</ul>
<p>and so on...</p>
<p>Granularity like this would be very welcome to the pfsense's freeradius package.</p>
<p>Policies would be included after Post-Auth-Type Challenge as per below example in a file inside <strong>sites-enabled</strong> folder.</p>
<p>Example:<br /><pre>
...
    # Filter access challenges.
    #
    Post-Auth-Type Challenge {
        # remove_reply_message_if_eap
        # attr_filter.access_challenge.post-auth
    }
    #start pfsense GUI
    if (LDAP-Group == "pfsense_admins" && NAS-Identifier == "webConfigurator-pfsense.home.arpa") {
        update {
            reply:Class := "pfsense_admins"
        }
        noop
    }
    elsif (LDAP-Group == "pfsense_monitors" && NAS-Identifier == "webConfigurator-pfsense.home.arpa") {
        update {
            reply:Class := "pfsense_monitors"
        }
        noop
    }
    else {
        reject
    }
}
...
</pre></p>
<p>I would also like to suggest an option to create new sites in <strong>sites-enabled/</strong> folder, to speed up things using a file for each NAS client, very welcome for larger deployments.</p>
pfSense Packages - Bug #14200 (New): WireGuard reply-to without NAT | https://redmine.pfsense.org/issues/14200 | 2023-03-29T10:02:59Z | Carrnell Tech
<p>I have discovered that the WireGuard package requires the interface to have the gateway set for the reply-to rules to function as expected. However, this also creates undesired auto NAT rules that need to be manually disabled in order to use the reply-to rules effectively.</p>
<p>I have posted all the detail and the road for my discovery on the forums and a great amount of detail along with it:<br /><a class="external" href="https://forum.netgate.com/topic/178908/wan-to-wireguard-to-lan-reply-to-bug">https://forum.netgate.com/topic/178908/wan-to-wireguard-to-lan-reply-to-bug</a></p>
My hope is that one of the following fix ideas could be implemented:
<ul>
<li>Could add verbiage on the interface or package GUI to indicate that these steps are required for true reply-to packets to function.</li>
<li>Add some sort of check box to prevent the auto added NAT rules for WireGuard interfaces, or, a check box that adds reply-to rules without the need for gateway to be filled.</li>
<li>Or, if possible, change the WireGuard package in such a way that it treats the WireGuard interface with reply-to rules with or without the gateway being set in the interface.</li>
</ul>
<p>To give you more of an idea of why I had more trouble with this particular part than anything previous is that I was migrating away from OpenVPN to WireGuard. Where OpenVPN functioned as desired without the gateway being set, I did not think to read the interface documentation mostly because the verbiage only mentions the need for it being set for internet access type scenarios, of which, I overlooked thinking it was unnecessary. On my testing environment, it was not until I started changing what I thought were unnecessary checkboxes and dropdowns that I discovered the gateway was needed, I then started to read the documentation for it, which led me to my final conclusion.</p>
<p>Appreciate your time!<br />Thank you!</p>
pfSense Packages - Bug #14146 (New): Small Typo in 'Advanced Outbound firewall rule settings' war... | https://redmine.pfsense.org/issues/14146 | 2023-03-22T07:36:44Z | Jon Brown
<p>When creating an IPv4 outbound permit rule (Firewall --> pfBlockerNG --> Ip --> IPv4) and you leave the <b>Custom Protocol</b> on any you get the following error:</p>
<pre>
Settings: Protocol setting cannot be set to 'Default' with Advanced Outbound firewall rule settings.
</pre>
<p><img src="https://redmine.pfsense.org/attachments/download/4819/pfblocker-with-any-error-message.jpg" alt="" /></p>
<p>There is a typo where it is saying it cannot be left on 'Default', there is no default protocol. This should read as follows:</p>
<pre>
Settings: Protocol setting cannot be set to 'Any' with Advanced Outbound firewall rule settings.
</pre>
<p>I have swapped <strong>default</strong> for <strong>any</strong></p>
pfSense Plus - Feature #14133 (New): Exporting and Importing - Change Layout | https://redmine.pfsense.org/issues/14133 | 2023-03-20T03:47:01Z | Steven Cedrone
<p>Please change Backup & Restore to allow for choosing only what areas you want to import/export without having to do it one area at a time.</p>
<p>The drop down-style boxes for "Backup Area" and "Restore Area" should allow you to hold CTRL and choose multiple areas at a time. Or change the drop-down boxes to scrolling boxes similar to other Areas of PfSense when you select Multiple WAN or LAN connections in PfBlocker for example.</p>
<p>This would be quite handy for exporting partial settings for new setups without having to do it area by area.</p>
pfSense Plus - Regression #14080 (New): Installer fails to install to a geom mirror | https://redmine.pfsense.org/issues/14080 | 2023-03-07T18:12:14Z | Steve Wheeler
<p>The 23.01 installer fails to create the expected mount points when trying to reinstall UFS to an existing gmirror.</p>
<p>It also cannot create the expected partitions using 'auto' to a new geom mirror.</p>
pfSense Packages - Feature #13403 (New): Option to suppress graphing for individual thermal zones | https://redmine.pfsense.org/issues/13403 | 2022-08-11T04:35:52Z | odo maitre
<p>As in many systems the thermal_tz1 and thermal_tz0 are invariant (not really present) it would be nice if they could be permanently disabled in the monitor graph - it is better for the graph and more aesthetic.</p>
pfSense Packages - Feature #13402 (New): Monitor graph thermal sensors F option vs just C | https://redmine.pfsense.org/issues/13402 | 2022-08-10T15:34:17Z | JohnPoz _
<p>So the thermal widget allows showing temps in F, but if you look at the monitor graph it is only in C.</p>
<p>Allow for thermal monitor graph to show either C or F temps.</p>
pfSense Plus - Feature #12832 (New): 6100 configurable Blinking Blue LED | https://redmine.pfsense.org/issues/12832 | 2022-02-19T11:56:10Z | shawn butts
<p>The blinking blue light for "normal operation status" feels like an "everything is ok ALARM!!!!"</p>
<p>I'd like to see an option to either make it solid blue for "normal" or disable the LED altogether.</p>
pfSense Plus - Bug #12759 (New): Proprietary packages link to non-existent or non-public github p... | https://redmine.pfsense.org/issues/12759 | 2022-02-05T19:22:11Z | Kris Phillips
<p>When clicking on the version number to view the code for packages like openvpn-import and aws-wizard, these link to a non-existent GitHub page (or one that is private). We should probably add a way to just remove these links on proprietary packages for pfSense Plus.</p>
<p>For example, aws-wizard links to <a class="external" href="https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-aws-wizard">https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-aws-wizard</a> which is an invalid path.</p>
pfSense Packages - Feature #11931 (New): Add support for validating a domain's ownership via Goog... | https://redmine.pfsense.org/issues/11931 | 2021-05-17T08:09:13Z | Alex Cazacu
<p>Add support for validating a domain's ownership via Google Cloud Cloud DNS.</p>
<p>Support for Google Cloud Cloud DNS is already implemented in the <a href="https://github.com/acmesh-official/acme.sh" class="external">acme-official/acme-sh</a>. See <a href="https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_gcloud.sh" class="external">dns_gcloud.sh</a>.</p>
The associated script <a href="https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_gcloud.sh" class="external">documentation</a> omits to mention that authenticating and configuring <code>gcloud</code> can be performed in a non-interactive way by:
<ol>
<li>Creating a Google Cloud service account key: <a href="https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys" class="external">documentation</a>.</li>
<li>Authenticating <code>gcloud</code> with the created service account key: <a href="https://cloud.google.com/sdk/docs/authorizing#authorizing_with_a_service_account" class="external">documentation</a>.</li>
<li>Configuring <code>gcloud</code>: via <code>gcloud config set</code> - <a href="https://cloud.google.com/sdk/docs/properties#setting_properties;" class="external">documentation</a> via environment variables: <a href="https://cloud.google.com/sdk/docs/properties#setting_properties_via_environment_variables" class="external">documentation</a>.</li>
</ol>
pfSense Packages - Bug #11650 (New): FRR configuration broken on restore of manually edited FRR c... | https://redmine.pfsense.org/issues/11650 | 2021-03-10T06:51:58Z | Andrew Green
<p>SG-3100<br />21.02-RELEASE-p1 (arm)<br />built on Mon Feb 22 09:38:52 EST 2021</p>
<p>FRR package version 1.1.0_8</p>
<p>I could not find any instructions to remove all of a package's configuration so I did this:</p>
<p>- Made a config backup<br />- Edited the config xml and removed the FRR config references but left the package sections in place with empty <config></config> sections inside.<br />- Restored the config<br />- Router rebooted and reinstalled packages<br />- Went to reconfigure FRR and it broke sometimes when saving the settings.<br />- I managed to make the error go away after adding and deleting a prefix list.<br />- Here is the PHP error:<br /><pre>
arm
12.2-STABLE
FreeBSD 12.2-STABLE 0e42b7d7eac(HEAD) pfSense-SG-3100
Crash report details:
PHP Errors:
[09-Mar-2021 21:46:49 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:295
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(758): frr_zebra_generate_prefixlists(true, false)
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 295
[09-Mar-2021 21:47:15 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:295
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(758): frr_zebra_generate_prefixlists(true, false)
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 295
[09-Mar-2021 21:47:30 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:295
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(758): frr_zebra_generate_prefixlists(true, false)
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 295
[09-Mar-2021 21:47:36 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:295
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(758): frr_zebra_generate_prefixlists(true, false)
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 295
[09-Mar-2021 21:49:51 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:262
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(764): frr_zebra_generate_aspaths()
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 262
[09-Mar-2021 21:49:55 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:262
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(764): frr_zebra_generate_aspaths()
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 262
[09-Mar-2021 21:50:03 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:262
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(764): frr_zebra_generate_aspaths()
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg.php(140) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg.php(140): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 262
No FreeBSD crash data found.
</pre></p>