pfSense » pfSense Packages

02/01/2017

09:57 PM Bug #7190: pfSense-pkg-acme Bug - php errors on pages that list certificates when no LE Certs have been created yet (eg Cert. Manager - Certificates, OpenVPN - Servers)

PR https://github.com/pfsense/FreeBSD-ports/pull/286 Phillip Davis

03:55 PM Bug #7190 (Resolved): pfSense-pkg-acme Bug - php errors on pages that list certificates when no LE Certs have been created yet (eg Cert. Manager - Certificates, OpenVPN - Servers)

I just installed pfSense-pkg-acme and went to the Cert. Manager - Certificates Page. I see the following output imme... Greg Siemon

08:12 PM Bug #7192 (Resolved): ACME package cannot update more than one nsupdate type domain

With multiple domains in the "Domain SAN List" set to nsupdate, it only appears to use the last key entered, rather t... Jim Pingle

07:46 PM Bug #7191 (Resolved): squid package EN-US grammar errors

In the Services > Squid Proxy Server > Antivirus > Enable Manual Configuration section, the warning "Warning: Only en... P Jones

05:11 PM Feature #7189: Letsencrypt acme sync in HA environment

There are a couple considerations here to keep straight for GUI use as well.
* One cert with SANs for both hosts i... Jim Pingle

02:13 PM Feature #7189 (Resolved): Letsencrypt acme sync in HA environment

Configure the letsencrypt package https://github.com/pfsense/FreeBSD-ports/tree/devel/security/pfSense-pkg-acme to sy... Adam Lawler

01:50 PM Feature #4752 (Resolved): SQUID. Exception for speed limits

Renato Botelho

01:36 PM Feature #4752: SQUID. Exception for speed limits

Works. Kill Bill

01:49 PM Feature #2825 (Resolved): OpenBGPd: Add options prepend-neighbor and prepend-self

Renato Botelho

01:32 PM Feature #2825: OpenBGPd: Add options prepend-neighbor and prepend-self

Fixed with https://github.com/pfsense/FreeBSD-ports/commit/df93449ea55537c48bca4304f72aa7ced243a116 - close please. Kill Bill

01:49 PM Feature #6537 (Rejected): Suricata does not autopopulate IP Reputation list from Emerging Threats on rules update

Renato Botelho

01:12 PM Feature #6537: Suricata does not autopopulate IP Reputation list from Emerging Threats on rules update

Can be closed. Feature misunderstanding. Kill Bill

01:44 PM Feature #6022: Consider MLVPN for bonded VPN

This feature would bring high value to the product and really make it stand out from the crowd. Not many solutions a... mark rousseau

10:31 AM Bug #7188 (Closed): Squid update issue

Already fixed Renato Botelho

10:06 AM Bug #7188: Squid update issue

... Kill Bill

09:27 AM Bug #7188 (Closed): Squid update issue

Hi, after updating (yesteray) squid my web ui is not working any more! Here is the error:
Parse error: syntax erro... Robert Weingardt

01/31/2017

04:08 PM Bug #7009 (Resolved): syslog_ng Log Viewer page didn't get converted to the new 2.3 bootstrap

Anonymous

04:07 PM Bug #7009: syslog_ng Log Viewer page didn't get converted to the new 2.3 bootstrap

Works, thanks for help. Kill Bill

12:51 PM Bug #7009 (Feedback): syslog_ng Log Viewer page didn't get converted to the new 2.3 bootstrap

Anonymous

11:08 AM Bug #6928 (Feedback): freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth

Renato Botelho

08:00 AM Feature #7179: Package Filer into 2.3

Also did xmlrpc 2.4 adjustments:
https://github.com/pfsense/FreeBSD-ports/pull/277/commits/8d27c452ce42ca2ef0d65b65b... Mathias Möller

04:57 AM Feature #7179 (Resolved): Package Filer into 2.3

Pull Request to include the filer package in pfSense >= 2.3
https://github.com/pfsense/FreeBSD-ports/pull/277 Mathias Möller

01/30/2017

03:24 PM Feature #2825: OpenBGPd: Add options prepend-neighbor and prepend-self

Hello,
I know it's been a long time since this thread was started, but we started using the openBGPd package and not... Lucas Jackson

08:37 AM Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth

Konstantin Ab wrote:
> Hmmm, it seems to work!
> records appear in Table
Thanks for testing. Added to this monst... Kill Bill

01/29/2017

09:27 PM Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth

Hmmm, it seems to work!
records appear in Table Konstantin Ab

03:46 AM Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth

Can you please test this patch? https://github.com/pfsense/FreeBSD-ports/commit/cdf9b05e966f311b8ae83c7a3158479bd5c9e... Kill Bill

12:15 AM Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth

i tryed diable SQL. No problem.
I'm watching the security problems in this table. Konstantin Ab

08:38 AM Feature #6022: Consider MLVPN for bonded VPN

+1
It's too bad that pfSense do not have this functionality yet
Many of us use multiple WANs please consider MLVP... koo kim

05:20 AM Bug #7170: FreeRADIUS built-in certificate manager defaults to MD5 (!!!), no support for SHA2

Added a huge deprecation warning to the page as part of https://github.com/pfsense/FreeBSD-ports/pull/272. Kill Bill

04:41 AM Bug #7170 (Resolved): FreeRADIUS built-in certificate manager defaults to MD5 (!!!), no support for SHA2

I'd rather nuke this redundant thing altogether, however not sure how to handle the transition for unfortunate users ... Kill Bill

01/28/2017

05:47 PM Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth

Does uncommenting this break things if SQL is *disabled*? The whole thing is a damn complex heap of code, not really ... Kill Bill

01/27/2017

08:33 AM Bug #6404: FreeRADIUS Does Not Start After Upgrade

All merged. Please test with 1.7.5_1 when available; if it still does not work, describe exactly what actions make it... Kill Bill

01/26/2017

04:27 PM Bug #6748 (Feedback): rrd_fetch_json.php returns html when user is unauthorized (causes "Error: SyntaxError: Unexpected token <")

I added a better error message in the case that JSON doesn't get returned, but a hint for the user to check that they... Jared Dillard

12:52 PM Bug #6404: FreeRADIUS Does Not Start After Upgrade

See
- https://github.com/pfsense/FreeBSD-ports/pull/267
- https://github.com/pfsense/FreeBSD-ports/pull/268 Kill Bill

01/25/2017

07:58 AM Bug #6988: SNORT Package PHP memory error

Your logs are way too huge! Configure something sane on Logs Mgmt tab. (You can override the memory limit in https://... Kill Bill

04:31 AM Bug #6305: Quagga problems updating routes / mistakenly showing "kernel"-routes while they are not

https://github.com/pfsense/FreeBSD-ports/pull/265 - that's not a real solution obviously, so kindly leave this bug op... Kill Bill

01/24/2017

08:49 AM Bug #6490 (Rejected): Squid Reverse Proxy: Disabling an entry on the "Redirects" tab creates duplicate entries for the previous entry in the squid config

Jim Pingle

08:35 AM Bug #6490: Squid Reverse Proxy: Disabling an entry on the "Redirects" tab creates duplicate entries for the previous entry in the squid config

Cannot reproduce, plus suspect it's more or less a duplicate of another non-reproducible issue filed by the same user... Kill Bill

07:25 AM Bug #7161 (Resolved): pfSense-pkg-bind9 changelog pointing to non-existent location

The changelog link should point to https://github.com/pfsense/FreeBSD-ports/tree/devel/dns/pfSense-pkg-bind9 while it... Kill Bill

07:11 AM Feature #3754 (Closed): Add APC Back-UPS CS to NUT

Jim Pingle

07:08 AM Feature #3754: Add APC Back-UPS CS to NUT

No feedback, related to ancient package version, plus apparently not a pfSense issue either. Retest with current pack... Kill Bill

06:35 AM Bug #5869: Squid non-functional in transparent mode in 2.3

Here’s the mail I got recently for my problem
I was not able to get to these sites at the time of my first post but ... john Smith

01/23/2017

10:22 AM Bug #6350: Auto Config Backup - Uncaught Exception

Steve Beaver wrote:
> Fixed by populating version table when info request fails
I don't remember what package ver... Simon Trigona

09:10 AM Bug #6350 (Feedback): Auto Config Backup - Uncaught Exception

Fixed by populating version table when info request fails Anonymous

09:06 AM Bug #6968 (Rejected): Snort VRT Rules Fail to automatically update SSL read error

Jim Pingle

05:09 AM Bug #6968: Snort VRT Rules Fail to automatically update SSL read error

Upstream server issue, has nothing to do with pfSense. Close please. Kill Bill

01/18/2017

10:26 PM Bug #7127: Authentication fail in AutoConfigBackup package

Confirmed. I just installed version 1.47 and it now works just fine with the mixed case ID. Thanks!!!
... um, y... Brian Davidson

03:32 PM Bug #7130 (Resolved): Lightsquid 3.0.4_2 HTTP 500

Works Jim Pingle

09:51 AM Bug #7130: Lightsquid 3.0.4_2 HTTP 500

I'll grab this back for testing once the new package is available Jim Pingle

09:49 AM Bug #7130 (Feedback): Lightsquid 3.0.4_2 HTTP 500

3.0.4_3 should be fixed Renato Botelho

09:23 AM Bug #7130: Lightsquid 3.0.4_2 HTTP 500

Looks like we're missing the latest change to the Makefile for www/lightsquid from earlier this week, CGI.pm was remo... Jim Pingle

09:17 AM Bug #7130 (Confirmed): Lightsquid 3.0.4_2 HTTP 500

Jim Pingle

01:59 AM Bug #7130 (Resolved): Lightsquid 3.0.4_2 HTTP 500

As title says, when one clicks on Open Lightsquid HTTP error 500 appers. Greg M

01/17/2017

09:41 PM Bug #7127 (Resolved): Authentication fail in AutoConfigBackup package

Had confirmation from others internally that it worked on the new version with mixed case login names. Jim Pingle

11:04 AM Bug #7127 (Feedback): Authentication fail in AutoConfigBackup package

I pushed a fix for this just now. Once version 1.47 shows up for you, reinstall and test it again.
https://github.... Jim Pingle

12:49 PM Bug #6603 (Confirmed): pfblockerng's Unbound modifications leave system broken post-config restore

Jim Pingle

12:42 PM Bug #6603: pfblockerng's Unbound modifications leave system broken post-config restore

Definitely wrong ticket reference in the above commit. Kill Bill

12:40 PM Bug #6603 (Feedback): pfblockerng's Unbound modifications leave system broken post-config restore

Applied in changeset pfsense:commit:5280fd8d21c71c6997e1855f8b96265bd81ccb99. Renato Botelho

01/16/2017

11:54 AM Bug #7127 (Resolved): Authentication fail in AutoConfigBackup package

When I sign in to the PFSense Gold web portal, I enter my ID as mix of upper and lower case letters: BrianKDav. To ... Brian Davidson

01/15/2017

10:43 PM Feature #6022: Consider MLVPN for bonded VPN

There appears to be a port for MLVPN now:
https://www.freshports.org/net/mlvpn/
This could be used as a basis for... Adam Gibson

02:53 PM Feature #4461: Squid options too late in squid.conf

See... Volker Kuhlmann

02:44 PM Feature #4461 (Rejected): Squid options too late in squid.conf

Jim Pingle

02:43 PM Feature #4461: Squid options too late in squid.conf

No such luck needed, said deficient software is no longer involved, and no loss for me, no-one would have done anythi... Volker Kuhlmann

02:24 PM Feature #4461: Squid options too late in squid.conf

Thanks for "feedback". Pull requests go to https://github.com/pfsense/FreeBSD-ports/, good luck. Kill Bill

02:08 PM Feature #4461: Squid options too late in squid.conf

Services like plesk control panels do not run on a standard SSL port like 443. Rather than opening several other port... Volker Kuhlmann

07:41 AM Feature #4461 (Feedback): Squid options too late in squid.conf

Jim Pingle

02:50 AM Feature #4461: Squid options too late in squid.conf

I have hard time understanding what kind of exceptions is being requested here or what's being used by the OP that's ... Kill Bill

09:18 AM Feature #556 (Resolved): siproxd: add carp virtual IPs as interface candidates

Config looks right now Jim Pingle

04:16 AM Bug #5594: Captive portal patch does not work anymore

Orsiris de Jong wrote:
> Anyone willing to update the patch ?
Updating the patch is a waste of time. If such func... Kill Bill

01/14/2017

11:00 AM Feature #556: siproxd: add carp virtual IPs as interface candidates

Good catch, thanks. Kill Bill

09:42 AM Feature #556: siproxd: add carp virtual IPs as interface candidates

The PR was close but it needed some backend changes as well, otherwise it was putting blank values in the configurati... Jim Pingle

10:11 AM Feature #3303 (Resolved): Allow quagga ospf stub, not so stub and totally stub areas

Seems to work Jim Pingle

09:20 AM Feature #7000: ntopng historical data needs to be reworked

PR to hide this defunct stuff from GUI meanwhile: https://github.com/pfsense/FreeBSD-ports/pull/255 Kill Bill

08:57 AM Bug #4736 (Resolved): ladvd crashes, dumps core

Problem on the ticket no longer happens, anything else belongs on a new ticket. Closing. Jim Pingle

08:57 AM Bug #6346 (Rejected): Squid Proxy Server Service randomly stops

Jim Pingle

08:56 AM Bug #5534 (Resolved): Captive Portal stop sending accounting updates to free radius

Unable to reproduce, lack of feedback, closing. Jim Pingle

08:55 AM Bug #5614 (Resolved): mailreport - emails are going out when manually triggered, but not via cron

Unable to reproduce, lack of feedback, closing. Jim Pingle

08:09 AM Feature #4752 (Feedback): SQUID. Exception for speed limits

Jim Pingle

08:03 AM Feature #4752: SQUID. Exception for speed limits

Merged; test please and report back. Kill Bill

08:08 AM Feature #6965 (Resolved): suricata + snort - making custom passlist additive to the default one

Jim Pingle

08:05 AM Feature #6965: suricata + snort - making custom passlist additive to the default one

Apparently the issue was not with the package, nested aliases now work. Close please. Kill Bill

01:42 AM Feature #5052: Avahi Proxy Package: Add option to disable/control cache size.

This has a target version of 2.4.0 - is that really intended? Phillip Davis

01/13/2017

12:41 PM Bug #5524 (Resolved): bind package is patching /etc/inc/system.inc (syslog configuration)

Jim Pingle

12:14 PM Bug #6527 (Resolved): Squid 3.5 - Deprecated "ssl_bump server-first all" don't allow SNI in transparent mode with HTTPS/SSL Interception

Jim Pingle

12:14 PM Feature #6593 (Resolved): squid: allow user to configure DH key size, SINGLE_DH_USE, NO-SSLv3, Cipher-Suites - performance improvement hint

Jim Pingle

12:14 PM Bug #6592 (Resolved): squid does NOT use EDH and EECDH cipher suites because "tls-dh" is not configured and so these ciphers are silently dropped - see squid documentation

Jim Pingle

09:06 AM Todo #7055: Update OpenVPN Client Export package with OpenVPN 2.4

If you checked "push compression to the client" then the server will push the setting to the client and it shouldn't ... Jim Pingle

09:03 AM Todo #7055: Update OpenVPN Client Export package with OpenVPN 2.4

Jim - unknown if this is expected behavior, but the Client Export does not put compression settings in the client fil... Jeff Wischkaemper

08:49 AM Todo #7055 (Resolved): Update OpenVPN Client Export package with OpenVPN 2.4

Works fine. Jim Pingle

01/11/2017

08:18 PM Bug #7114: OpenBGP - remote syslog output incomplete

Thanks, Jim.
Confirmed with WireShark to be a limitation of free Kiwi syslog server.
Phil Biggs

07:49 PM Bug #7114 (Rejected): OpenBGP - remote syslog output incomplete

Remote syslog server data is sent immediately as the log entries happen. There are no limits imposed on the data, it ... Jim Pingle

07:33 PM Bug #7114 (Rejected): OpenBGP - remote syslog output incomplete

2.3.2-RELEASE-p1 (full install).
I have a table which is updated via OpenBGP and currently contains more than 90... Phil Biggs

01/10/2017

08:56 AM Bug #7104: Rules created by traffic shaper wizard dont do anything

Jim if you want to test these new findings up to you but here is an update.
I have discovered the match rules crea... Chris Collins

06:57 AM Bug #7109: Squid 0.4.29_1 not Exist

Tank you,
now all is ok Claudio Berselli

06:52 AM Bug #7109 (Rejected): Squid 0.4.29_1 not Exist

This sort of error will clear up on its own after a few moments, or run "pkg update -f" if it keeps happening.
Whe... Jim Pingle

06:45 AM Bug #7109 (Rejected): Squid 0.4.29_1 not Exist

If tray to install Squid 0.4.29_1 I have this error:... Claudio Berselli

06:50 AM Bug #6878: how to use snort, squid and squid_guard with a ram disk

The thinking was: Without NanoBSD, more people will be running a full install on unreliable media like CF/SD, so we n... Jim Pingle

04:24 AM Bug #6878: how to use snort, squid and squid_guard with a ram disk

Jim Pingle wrote:
> Seems to be working.
Yeah, this seems to be working, except that noone is getting the fixes. ... Kill Bill

01/09/2017

10:06 PM Bug #6305: Quagga problems updating routes / mistakenly showing "kernel"-routes while they are not

Affected me too. I tried settings with OpenVPN server + OpenVPN client.
Both:
Pfsense 2.3.2-RELEASE-p1
Quagga_OS... winmasta winmasta

07:55 PM Bug #7107: IPv6 blocklists generate IPv4 auto-rules

I'll wait for a confirmed fix for the 'vtype' bug. The aliases are working fine for me, especially since I really on... John Silva

07:44 PM Bug #7107: IPv6 blocklists generate IPv4 auto-rules

*Update:* Its going to be a little more involved to fix this issue... Best to use "Alias type" rules, until the next... BBcan177 .

07:22 PM Bug #7107: IPv6 blocklists generate IPv4 auto-rules

Thanks for the report... I can confirm that there is a bug for the IPv6 Tab. The GeoIP tab doesn't have this issue th... BBcan177 .

06:32 PM Bug #7107: IPv6 blocklists generate IPv4 auto-rules

Yes. I configured the list in the IPv6 tab of pfBlockerNG. When "List Action" is set to "Deny Both" the firewall ru... John Silva

06:21 PM Bug #7107: IPv6 blocklists generate IPv4 auto-rules

Did you add these Lists in the IPv6 pfBlockerNG Tab? BBcan177 .

05:35 PM Bug #7107 (Resolved): IPv6 blocklists generate IPv4 auto-rules

I set up some IPv6 blocklists with pfblocker and noticed that the autorules it created were created as IPv4 protocol ... John Silva

08:34 AM Bug #7104: Rules created by traffic shaper wizard dont do anything

I did not explain how they work because this is not a support system, nor is it a discussion platform. All of this be... Jim Pingle

08:32 AM Bug #7104: Rules created by traffic shaper wizard dont do anything

Jim Pingle wrote:
> The forum is the best place to discuss this until a real bug is identified. It is not about keep... Chris Collins

01/08/2017

04:57 PM Bug #7104: Rules created by traffic shaper wizard dont do anything

Yeah exactly, this is to file bug reports. Not "ooops something somehow won't work for me, definitely must be a bug" ... Kill Bill

04:54 PM Bug #7104 (Rejected): Rules created by traffic shaper wizard dont do anything

The forum is the best place to discuss this until a real bug is identified. It is not about keeping ticket counts dow... Jim Pingle

04:43 PM Bug #7104: Rules created by traffic shaper wizard dont do anything

Kill Bill wrote:
> May I suggest using https://forum.pfsense.org/index.php?board=26.0 until you have a *real* bug? '... Chris Collins

04:42 PM Bug #7104: Rules created by traffic shaper wizard dont do anything

I see match mentioned on this page https://home.nuug.no/~peter/pf/en/altqintro.html
But FreeBSD never updated PF t... Chris Collins

04:38 PM Bug #7104: Rules created by traffic shaper wizard dont do anything

May I suggest using https://forum.pfsense.org/index.php?board=26.0 until you have a *real* bug? 'cos this one ain't a... Kill Bill

04:26 PM Bug #7104: Rules created by traffic shaper wizard dont do anything

Ok some more information. Step by step of my diagnostics.
1 - Run the wizard and choose the first option, keep as... Chris Collins

04:12 PM Bug #7104 (Rejected): Rules created by traffic shaper wizard dont do anything

The rules are created as match rules which is not passing them onto the specific queue.
I am talking about the rul... Chris Collins

03:05 PM Feature #4752: SQUID. Exception for speed limits

This is what 'Unrestricted IPs' on the ACLs tab was intended for; except that it never worked due a wrong check. Fixe... Kill Bill

11:06 AM Bug #7103 (Rejected): Security issue regarding traffic shaper created by wizard

There is no security issue except the one you made by changing the rules. If there is a problem with the shaper rules... Jim Pingle

11:04 AM Bug #7103 (Rejected): Security issue regarding traffic shaper created by wizard

So take this into consideration
The default dns resolver settings listen on "all" interfaces.
If I follow the... Chris Collins

01/06/2017

11:51 AM Todo #7055 (Feedback): Update OpenVPN Client Export package with OpenVPN 2.4

This is now live for 2.3.2_1 users as well. What little feedback I received was positive. We'll move forward from her... Jim Pingle

01/05/2017

04:09 PM Bug #7087 (Rejected): DNSBL service does not start

Is pfBlocker actually installed, enabled, and properly configured?
Please post on the forum in the pfBlockerNG boa... Jim Pingle

03:51 PM Bug #7087: DNSBL service does not start

Other errors:... Brenden Smerbeck

03:48 PM Bug #7087 (Rejected): DNSBL service does not start

Noticed this while configuring 2.4. dnsbl service does not start, and the .pid file has no value. Brenden Smerbeck

07:49 AM Bug #6950 (Resolved): Auto Config Backup always reports success

Renato Botelho

04:04 AM Bug #6950: Auto Config Backup always reports success

Works (at least for cases where write_config() returns false, and there's not really much else that could be done here.) Kill Bill

06:17 AM Feature #6951 (Resolved): Disable Auto Config Backup without uninstalling

Renato Botelho

04:01 AM Feature #6951: Disable Auto Config Backup without uninstalling

Merged and works, can be closed. Kill Bill

01/04/2017

11:16 PM Todo #7055: Update OpenVPN Client Export package with OpenVPN 2.4

I just pushed this to 2.3.3 as well for more testing. Jim Pingle

07:58 AM Todo #7055: Update OpenVPN Client Export package with OpenVPN 2.4

A new version of OpenVPN client export for pfSense 2.4 with OpenVPN 2.4 is up now for testing.
Key changes:
* Ope... Jim Pingle

12:13 PM Bug #6527 (Feedback): Squid 3.5 - Deprecated "ssl_bump server-first all" don't allow SNI in transparent mode with HTTPS/SSL Interception

PR has been merged to 2.4.0 and 2.3.3 snapshots Renato Botelho

01/03/2017

01:03 PM Bug #6987: ntopng needs Google API key for GeoIP map

It is working on 2.3.3 snapshots as well. Kill Bill

11:21 AM Bug #6987: ntopng needs Google API key for GeoIP map

Thanks, that's the information I was missing.
Stuart Wyatt

08:29 AM Bug #6987: ntopng needs Google API key for GeoIP map

ntopng 2.4 is available on pfSense 2.4, and it works there. If/when the package is updated on other branches it will ... Jim Pingle

08:16 AM Bug #6987: ntopng needs Google API key for GeoIP map

The bug referenced the need for ntopng version 2.4 to resolve the problem, so why is it being closed when version 2.2... Stuart Wyatt

05:28 AM Bug #6987 (Closed): ntopng needs Google API key for GeoIP map

Renato Botelho

03:46 AM Bug #6987: ntopng needs Google API key for GeoIP map

Apparently no patching required with ntopng-2.4.2016.10.14 - you can configure the API key in Preferences - Users - G... Kill Bill

03:49 AM Bug #7067: usbhid-ups - no such file or directory

There is no such thing needed, simply reboot after installing the package. Kill Bill