pfSense » pfSense Packages

05/06/2017

10:44 AM Bug #7523: HAproxy widget settings panel does not open

I checked other packages that have a dashboard widget. The others all do stuff that is compatible with the multi-copi... Phillip Davis

10:43 AM Bug #7523: HAproxy widget settings panel does not open

And for haproxy-devel PR https://github.com/pfsense/FreeBSD-ports/pull/351 Phillip Davis

06:35 AM Bug #7524 (Resolved): Squid MITM/SSL-Bump broken with Chrome due to missing SAN in generated certificates

Upstream bug: http://bugs.squid-cache.org/show_bug.cgi?id=4711
Also, there were multiple other SSL-Bump fixes in 3... Kill Bill

06:08 AM Bug #7161: pfSense-pkg-bind9 changelog pointing to non-existent location

Same issue with pfSense-pkg-Netgate_Coreboot_Upgrade - the changelog link points to https://github.com/pfsense/FreeBS... Kill Bill

05/05/2017

12:32 PM Bug #7310 (Resolved): Packages pre-deinstall script removes temporary files used by pkg

Works Renato Botelho

12:31 PM Bug #7523: HAproxy widget settings panel does not open

I have no idea why I wrote 2.3.4 above. This is an issue with using the HAproxy widget on 2.4, due to enhancements in... Phillip Davis

12:30 PM Bug #7523 (Resolved): HAproxy widget settings panel does not open

Install and enable the HAproxy package.
On the Dashboard for 2.3.4, add the HAproxy widget
In the HAproxy widget, c... Phillip Davis

05/04/2017

02:45 AM Feature #7519 (Resolved): Add support for --listen-v6 to ACME standalone webserver

The ACME script allows passing "--listen-v6" to force IPv6 in standalone mode. In an environment with public IPv6 add... Michael Duller

05/03/2017

08:33 AM Bug #7498 (Resolved): Deprecated option included in OpenVPN client export

Works Jim Pingle

05/02/2017

10:25 AM Bug #7498 (Feedback): Deprecated option included in OpenVPN client export

I just pushed a change to use remote-cert-tls and also adjusted the code around it to test for the proper EKU before ... Jim Pingle

05/01/2017

11:37 AM Bug #7503 (Rejected): Web Interface and possible app configuration issue

Are you sure your scanner is hitting the firewall and not being redirected to another web service?
Looking at the ... Jim Pingle

04/30/2017

12:31 AM Bug #7503 (Rejected): Web Interface and possible app configuration issue

Version: 2.3.3_1
Vulnerability Scanner: OpenVas
Possible Vulnerability #1: SSL/TLS: Missing `secure` Cookie Attribu... Andrew Hardy

04/27/2017

11:06 AM Bug #7498: Deprecated option included in OpenVPN client export

That makes sense. As you stated - if certs are being signed with the correct KU/EKU from 2009 in my mind it seems lik... James Webb

09:31 AM Bug #7498: Deprecated option included in OpenVPN client export

That should work fine for certificates made any time recently on pfSense.

The only potential problem I foresee is... Jim Pingle

08:37 AM Bug #7498: Deprecated option included in OpenVPN client export

Okay that makes sense - thank you :)
However, surely by having the @ns-cert-type@ option included in all exports y... James Webb

08:22 AM Bug #7498: Deprecated option included in OpenVPN client export

The verification option you mentioned in the GUI controls verifying the name only, it does not verify the type, so it... Jim Pingle

08:19 AM Bug #7498 (Resolved): Deprecated option included in OpenVPN client export

As of OpenVPN 2.4 the directive: @ns-cert-type@ has been deprecated.
However, from my testing, the client export p... James Webb

04/26/2017

02:32 AM Bug #7438: Squid 0.4.36_2 Remote Cache Parent not working

You'll need to post on the forums in that case before there's some bug identified. The above patch is the only change... Kill Bill

04/23/2017

12:23 PM Bug #7479: freeRadius not started after update to 1.7.8

Added an install message and some input validation and other tweaks @ https://github.com/pfsense/FreeBSD-ports/pull/344. Kill Bill

04/22/2017

01:28 AM Bug #7487: Status Traffic Totals doesnt persist through reboots.

Sadly someone else will have to test, the system I am using as my router is 32 bit and 2.4 only seems to be available... Chris R

04/21/2017

06:41 PM Bug #7486 (Rejected): Captive Portal (CP): MS Edge and IE have interner access despite CP

Highly unlikely to be a captive portal problem, but something with your local configuration. Could be a package, coul... Jim Pingle

04:50 PM Bug #7486 (Rejected): Captive Portal (CP): MS Edge and IE have interner access despite CP

Well.. This sounds a Little dumb and I dont know wtf is going on tbh.
Well. At first, I better tell you about the ... Christopher Westburry

06:38 PM Bug #7487 (Feedback): Status Traffic Totals doesnt persist through reboots.

/var and /tmp handling was changed significantly in 2.4, please re-test there. Jim Pingle

05:00 PM Bug #7487: Status Traffic Totals doesnt persist through reboots.

Forgot to add the effected version as I did not notice the field till after I submitted, but I am running 2.3.3-RELEA... Chris R

04:58 PM Bug #7487 (Resolved): Status Traffic Totals doesnt persist through reboots.

The persistent data for vmstat is stored on /var and when you have var and tmp on ramdrives, the data isn't backed up... Chris R

01:50 PM Bug #6182: HAProxy not supporting ALPN

Ah yes sorry, got some versions mixed up in my head.. Pi Ba

01:44 PM Bug #6182: HAProxy not supporting ALPN

Pi Ba wrote:
> You can wait, but its still 1.0.2..
>
> [2.4.0-BETA][root@pfSense.localdomain]/root: openssl versi... Joshua Ruehlig

04/20/2017

12:51 PM Bug #6182: HAProxy not supporting ALPN

You can wait, but its still 1.0.2..
[2.4.0-BETA][root@pfSense.localdomain]/root: openssl version
OpenSSL 1.0.2k-f... Pi Ba

11:32 AM Bug #6182: HAProxy not supporting ALPN

Ok, thanks that makes sense.
I excitedly wait for pfSense 2.4, and an ALPN capable HAProxy then.
Joshua Ruehlig

07:11 AM Bug #6182: HAProxy not supporting ALPN

Joshua Ruehlig wrote:
> Ok, just to clear up my understanding. Is the following correct?
>
> If we build a port w... Jim Pingle

05:12 AM Bug #6182: HAProxy not supporting ALPN

Ok, just to clear up my understanding. Is the following correct?
If we build a port with openssl from ports, it no... Joshua Ruehlig

11:31 AM Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper

Jim Thompson wrote:
> Steven Kreitzer wrote:
> > Sandeep K V wrote:
> > > Hi Steven Kreitzer and Jim Thompson isn'... Jens Leinenbach

04/19/2017

01:06 PM Bug #7310 (Feedback): Packages pre-deinstall script removes temporary files used by pkg

I've reviewed deinstall functions for all packages and removed commands that can cause this symptom. It still can hap... Renato Botelho

11:39 AM Bug #6182: HAProxy not supporting ALPN

First, that isn't the way you set OpenSSL to use the port now. It would be:... Jim Pingle

11:12 AM Bug #6182: HAProxy not supporting ALPN

Pi Ba wrote:
> The extra build flag should probably be added to: https://github.com/pfsense/pfsense/blob/master/tool... Joshua Ruehlig

04/18/2017

01:03 PM Bug #7479: freeRadius not started after update to 1.7.8

There is no way to NOT configure EAP in the package. Simply said, configuring the certs in the CA manager is *mandato... Kill Bill

11:35 AM Bug #7479: freeRadius not started after update to 1.7.8

You may not realize it is enabled, but it must be, or you wouldn't get that error. At this point it is not a bug, but... Jim Pingle

11:34 AM Bug #7479: freeRadius not started after update to 1.7.8

Jim Pingle wrote:
> Given the error, you had to have used it in the past.
eap? no, i not used EAP, never.
this... Konstantin Ab

11:30 AM Bug #7479: freeRadius not started after update to 1.7.8

A server certificate is necessary for EAP. Given the error, you had to have used it in the past. Jim Pingle

11:29 AM Bug #7479: freeRadius not started after update to 1.7.8

i not use Cert Manager. And EAP.
It is necessary? Konstantin Ab

11:27 AM Bug #7479 (Rejected): freeRadius not started after update to 1.7.8

Support for the old and redundant certificate manager in FreeRADIUS was removed. Create or import a server certificat... Jim Pingle

11:26 AM Bug #7479 (Rejected): freeRadius not started after update to 1.7.8

I upgrade freeraius and freeraius not started now
In log:
Apr 18 23:21:00 radiusd 11844 rlm_eap: SSL error err... Konstantin Ab

12:27 PM Bug #6182: HAProxy not supporting ALPN

The extra build flag should probably be added to: https://github.com/pfsense/pfsense/blob/master/tools/conf/pfPorts/m... Pi Ba

11:35 AM Bug #6182: HAProxy not supporting ALPN

Kill Bill wrote:
> Joshua Ruehlig wrote:
> > Is it possible to set build options for dependent ports?
>
> See th... Joshua Ruehlig

04/17/2017

04:44 AM Bug #6182: HAProxy not supporting ALPN

Joshua Ruehlig wrote:
> Is it possible to set build options for dependent ports?
See the previous comment.
Kill Bill

02:25 AM Bug #6182: HAProxy not supporting ALPN

Is it possible to set build options for dependent ports?
Maybe we can add an OPTION to set 'WITH_OPENSSL_PORT= yes' ... Joshua Ruehlig

04/14/2017

07:30 PM Bug #7471: Cellular pkg errors on install

Reassign to pkg author if this is specific to the cellular pkg Jim Thompson

01:36 PM Bug #7471 (Rejected): Cellular pkg errors on install

Upgraded 2.3.3 to 2.3.3-p1, then installed cellular. Pkg install dialog:
> >>> Installing pfSense-pkg-cellular... ... Stilez y

09:03 AM Bug #7470: Status Traffic Totals - March 2017 is missing

We have seen that sort of thing in the past. A byproduct of how the weeks/months line up and perhaps a dash of DST in... Jim Pingle

08:44 AM Bug #7470: Status Traffic Totals - March 2017 is missing

Here's some better description: https://forum.pfsense.org/index.php?topic=127774.0
Kill Bill

08:33 AM Bug #7470 (Closed): Status Traffic Totals - March 2017 is missing

March 2017 is missing in the Monthly view. Noticed by several users in the forum:
https://forum.pfsense.org/index.ph... Anonymous

07:32 AM Bug #7229 (Duplicate): Package Manager Update "Suricata" failed

Duplicate of #7310 Renato Botelho

07:29 AM Bug #7310: Packages pre-deinstall script removes temporary files used by pkg

A workaround was added on pkg for specific packages and versions when same situation happened there. In our case a co... Renato Botelho

06:57 AM Bug #7310: Packages pre-deinstall script removes temporary files used by pkg

After dig into it I found the root cause of the problem, which I will describe here and work on a fix later.
Durin... Renato Botelho

07:14 AM Bug #7170 (Feedback): FreeRADIUS built-in certificate manager defaults to MD5 (!!!), no support for SHA2

Jim Pingle

02:29 AM Bug #7170: FreeRADIUS built-in certificate manager defaults to MD5 (!!!), no support for SHA2

Merged.
Note: This needs to go to 2.4 release notes. Configuring the certs is no longer optional, it's simply a re... Kill Bill

04/12/2017

10:39 AM Bug #7438: Squid 0.4.36_2 Remote Cache Parent not working

I had my linux guy edit the files with the lines you requested.
Same result
12.04.2017 11:36:14
10.24.1.70
TCP_... Robert Siegman

09:56 AM Bug #7466 (Rejected): Status > Monitoring does not work

I can't reproduce this on a fresh installation or upgraded firewall using the latest snapshot. Sounds like maybe your... Jim Pingle

08:50 AM Bug #7466 (Rejected): Status > Monitoring does not work

When I got to Status > Monitoring I get this error: Error: JSON not returned. Check to make sure you have an active s... Alex Marino

04/11/2017

08:02 AM Bug #7462 (New): HAproxy not rebinding properly after WAN DHCP IP change

Hi,
This is copy/pasted from the forum (https://forum.pfsense.org/index.php?topic=121345.0?) as i have the same is... Mr B

04/10/2017

10:19 AM Feature #7456: pfblockerNG add supportto add or modify self-modified easylist style rule

The next version of the package will have all of the Language specific EasyList feeds hardcoded.
Unfortunately, al... BBcan177 .