Project

General

Profile

Activity

From 04/17/2017 to 05/16/2017

05/16/2017

04:04 PM Feature #7535: Snort messages filling System / General. Should have its own log.
As far as I know, anything pertaining to logging is set to the default. It is set to send alerts to the system log. F... Daryl Morse
03:30 PM Feature #7535: Snort messages filling System / General. Should have its own log.
Do you have it configured to log alerts to the system log? Otherwise, it does not put too much info into the system ... Bill Meeks

05/14/2017

12:50 AM Feature #7548: Add absolute offset stat to NTP monitoring display
PR https://github.com/pfsense/FreeBSD-ports/pull/355
Has a full refactoring of the code first, then adding this feat... Phillip Davis

05/13/2017

12:21 PM Feature #7548: Add absolute offset stat to NTP monitoring display
PR https://github.com/pfsense/FreeBSD-ports/pull/354 (now closed) Phillip Davis
12:15 PM Feature #7548 (Resolved): Add absolute offset stat to NTP monitoring display
In Status Monitoring, NTP, the graph and stats data below it show the time offset. This varies plus and minus from ze... Phillip Davis

05/12/2017

06:46 AM Bug #7543: pfBlockerNG doesn't appear to pull IP block lists that are marked as "OFF" if previously they were enabled
It's a bug. The update message should reflect the deletion of the IP ranges associated with the list set to "OFF". ... Andrew -
06:38 AM Bug #7543 (Rejected): pfBlockerNG doesn't appear to pull IP block lists that are marked as "OFF" if previously they were enabled
Jim Pingle
06:25 AM Bug #7543: pfBlockerNG doesn't appear to pull IP block lists that are marked as "OFF" if previously they were enabled
Andrew - wrote:
> Please can you confirm whether pfBlockerNG is properly pulling lists of IPs that are changed from ... Kill Bill
04:39 AM Bug #7543: pfBlockerNG doesn't appear to pull IP block lists that are marked as "OFF" if previously they were enabled
If you have various IPv4 lists and set one of them to "ON", but then subsequently set it to "OFF", it appears that pf... Andrew -
04:35 AM Bug #7543 (Rejected): pfBlockerNG doesn't appear to pull IP block lists that are marked as "OFF" if previously they were enabled
Andrew -

05/11/2017

10:27 AM Bug #7539 (Rejected): OpenVPN dashboard widget shows 1194 for client connections
We report what OpenVPN's management interface reports. In this case, that is actually the remote client's _source_ po... Jim Pingle
10:25 AM Bug #7539 (Rejected): OpenVPN dashboard widget shows 1194 for client connections
I have never submitted a bug before, but I have noticed this issue now that I have built a second VPN server to play ... machstem machstem

05/10/2017

11:19 AM Feature #7535 (New): Snort messages filling System / General. Should have its own log.
I'm running 2.3.4. Snort is completely burying other messages in System / General. It should have its own log. Daryl Morse

05/09/2017

10:59 AM Bug #7533 (Feedback): HAProxy 1.7.3+ Breaks with DNS Resolvers configured (UNIX stats sockets fail)
I committed a temporary fix for HAProxy to revert the problematic changes in HAProxy:
https://github.com/pfsense/F... Jim Pingle
10:42 AM Bug #7533 (Resolved): HAProxy 1.7.3+ Breaks with DNS Resolvers configured (UNIX stats sockets fail)
If HAProxy is enabled and has DNS Resolvers configured on its Settings tab, then the widget and stats page will fail.... Jim Pingle

05/06/2017

10:44 AM Bug #7523: HAproxy widget settings panel does not open
I checked other packages that have a dashboard widget. The others all do stuff that is compatible with the multi-copi... Phillip Davis
10:43 AM Bug #7523: HAproxy widget settings panel does not open
And for haproxy-devel PR https://github.com/pfsense/FreeBSD-ports/pull/351 Phillip Davis
06:35 AM Bug #7524 (Resolved): Squid MITM/SSL-Bump broken with Chrome due to missing SAN in generated certificates
Upstream bug: http://bugs.squid-cache.org/show_bug.cgi?id=4711
Also, there were multiple other SSL-Bump fixes in 3... Kill Bill
06:08 AM Bug #7161: pfSense-pkg-bind9 changelog pointing to non-existent location
Same issue with pfSense-pkg-Netgate_Coreboot_Upgrade - the changelog link points to https://github.com/pfsense/FreeBS... Kill Bill

05/05/2017

12:32 PM Bug #7310 (Resolved): Packages pre-deinstall script removes temporary files used by pkg
Works Renato Botelho
12:31 PM Bug #7523: HAproxy widget settings panel does not open
I have no idea why I wrote 2.3.4 above. This is an issue with using the HAproxy widget on 2.4, due to enhancements in... Phillip Davis
12:30 PM Bug #7523 (Resolved): HAproxy widget settings panel does not open
Install and enable the HAproxy package.
On the Dashboard for 2.3.4, add the HAproxy widget
In the HAproxy widget, c... Phillip Davis

05/04/2017

02:45 AM Feature #7519 (Resolved): Add support for --listen-v6 to ACME standalone webserver
The ACME script allows passing "--listen-v6" to force IPv6 in standalone mode. In an environment with public IPv6 add... Michael Duller

05/03/2017

08:33 AM Bug #7498 (Resolved): Deprecated option included in OpenVPN client export
Works Jim Pingle

05/02/2017

10:25 AM Bug #7498 (Feedback): Deprecated option included in OpenVPN client export
I just pushed a change to use remote-cert-tls and also adjusted the code around it to test for the proper EKU before ... Jim Pingle

05/01/2017

11:37 AM Bug #7503 (Rejected): Web Interface and possible app configuration issue
Are you sure your scanner is hitting the firewall and not being redirected to another web service?
Looking at the ... Jim Pingle

04/30/2017

12:31 AM Bug #7503 (Rejected): Web Interface and possible app configuration issue
Version: 2.3.3_1
Vulnerability Scanner: OpenVas
Possible Vulnerability #1: SSL/TLS: Missing `secure` Cookie Attribu... Andrew Hardy

04/27/2017

11:06 AM Bug #7498: Deprecated option included in OpenVPN client export
That makes sense. As you stated - if certs are being signed with the correct KU/EKU from 2009 in my mind it seems lik... James Webb
09:31 AM Bug #7498: Deprecated option included in OpenVPN client export
That should work fine for certificates made any time recently on pfSense.

The only potential problem I foresee is... Jim Pingle
08:37 AM Bug #7498: Deprecated option included in OpenVPN client export
Okay that makes sense - thank you :)
However, surely by having the @ns-cert-type@ option included in all exports y... James Webb
08:22 AM Bug #7498: Deprecated option included in OpenVPN client export
The verification option you mentioned in the GUI controls verifying the name only, it does not verify the type, so it... Jim Pingle
08:19 AM Bug #7498 (Resolved): Deprecated option included in OpenVPN client export
As of OpenVPN 2.4 the directive: @ns-cert-type@ has been deprecated.
However, from my testing, the client export p... James Webb

04/26/2017

02:32 AM Bug #7438: Squid 0.4.36_2 Remote Cache Parent not working
You'll need to post on the forums in that case before there's some bug identified. The above patch is the only change... Kill Bill

04/23/2017

12:23 PM Bug #7479: freeRadius not started after update to 1.7.8
Added an install message and some input validation and other tweaks @ https://github.com/pfsense/FreeBSD-ports/pull/344. Kill Bill

04/22/2017

01:28 AM Bug #7487: Status Traffic Totals doesnt persist through reboots.
Sadly someone else will have to test, the system I am using as my router is 32 bit and 2.4 only seems to be available... Chris R

04/21/2017

06:41 PM Bug #7486 (Rejected): Captive Portal (CP): MS Edge and IE have interner access despite CP
Highly unlikely to be a captive portal problem, but something with your local configuration. Could be a package, coul... Jim Pingle
04:50 PM Bug #7486 (Rejected): Captive Portal (CP): MS Edge and IE have interner access despite CP
Well.. This sounds a Little dumb and I dont know wtf is going on tbh.
Well. At first, I better tell you about the ... Christopher Westburry
06:38 PM Bug #7487 (Feedback): Status Traffic Totals doesnt persist through reboots.
/var and /tmp handling was changed significantly in 2.4, please re-test there. Jim Pingle
05:00 PM Bug #7487: Status Traffic Totals doesnt persist through reboots.
Forgot to add the effected version as I did not notice the field till after I submitted, but I am running 2.3.3-RELEA... Chris R
04:58 PM Bug #7487 (Resolved): Status Traffic Totals doesnt persist through reboots.
The persistent data for vmstat is stored on /var and when you have var and tmp on ramdrives, the data isn't backed up... Chris R
01:50 PM Bug #6182: HAProxy not supporting ALPN
Ah yes sorry, got some versions mixed up in my head.. Pi Ba
01:44 PM Bug #6182: HAProxy not supporting ALPN
Pi Ba wrote:
> You can wait, but its still 1.0.2..
>
> [2.4.0-BETA][root@pfSense.localdomain]/root: openssl versi... Joshua Ruehlig

04/20/2017

12:51 PM Bug #6182: HAProxy not supporting ALPN
You can wait, but its still 1.0.2..
[2.4.0-BETA][root@pfSense.localdomain]/root: openssl version
OpenSSL 1.0.2k-f... Pi Ba
11:32 AM Bug #6182: HAProxy not supporting ALPN
Ok, thanks that makes sense.
I excitedly wait for pfSense 2.4, and an ALPN capable HAProxy then.
 Joshua Ruehlig
07:11 AM Bug #6182: HAProxy not supporting ALPN
Joshua Ruehlig wrote:
> Ok, just to clear up my understanding. Is the following correct?
>
> If we build a port w... Jim Pingle
05:12 AM Bug #6182: HAProxy not supporting ALPN
Ok, just to clear up my understanding. Is the following correct?
If we build a port with openssl from ports, it no... Joshua Ruehlig
11:31 AM Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper
Jim Thompson wrote:
> Steven Kreitzer wrote:
> > Sandeep K V wrote:
> > > Hi Steven Kreitzer and Jim Thompson isn'... Jens Leinenbach

04/19/2017

01:06 PM Bug #7310 (Feedback): Packages pre-deinstall script removes temporary files used by pkg
I've reviewed deinstall functions for all packages and removed commands that can cause this symptom. It still can hap... Renato Botelho
11:39 AM Bug #6182: HAProxy not supporting ALPN
First, that isn't the way you set OpenSSL to use the port now. It would be:... Jim Pingle
11:12 AM Bug #6182: HAProxy not supporting ALPN
Pi Ba wrote:
> The extra build flag should probably be added to: https://github.com/pfsense/pfsense/blob/master/tool... Joshua Ruehlig

04/18/2017

01:03 PM Bug #7479: freeRadius not started after update to 1.7.8
There is no way to NOT configure EAP in the package. Simply said, configuring the certs in the CA manager is *mandato... Kill Bill
11:35 AM Bug #7479: freeRadius not started after update to 1.7.8
You may not realize it is enabled, but it must be, or you wouldn't get that error. At this point it is not a bug, but... Jim Pingle
11:34 AM Bug #7479: freeRadius not started after update to 1.7.8
Jim Pingle wrote:
> Given the error, you had to have used it in the past.
eap? no, i not used EAP, never.
this... Konstantin Ab
11:30 AM Bug #7479: freeRadius not started after update to 1.7.8
A server certificate is necessary for EAP. Given the error, you had to have used it in the past. Jim Pingle
11:29 AM Bug #7479: freeRadius not started after update to 1.7.8
i not use Cert Manager. And EAP.
It is necessary? Konstantin Ab
11:27 AM Bug #7479 (Rejected): freeRadius not started after update to 1.7.8
Support for the old and redundant certificate manager in FreeRADIUS was removed. Create or import a server certificat... Jim Pingle
11:26 AM Bug #7479 (Rejected): freeRadius not started after update to 1.7.8
I upgrade freeraius and freeraius not started now
In log:
Apr 18 23:21:00 radiusd 11844 rlm_eap: SSL error err... Konstantin Ab
12:27 PM Bug #6182: HAProxy not supporting ALPN
The extra build flag should probably be added to: https://github.com/pfsense/pfsense/blob/master/tools/conf/pfPorts/m... Pi Ba
11:35 AM Bug #6182: HAProxy not supporting ALPN
Kill Bill wrote:
> Joshua Ruehlig wrote:
> > Is it possible to set build options for dependent ports?
>
> See th... Joshua Ruehlig

04/17/2017

04:44 AM Bug #6182: HAProxy not supporting ALPN
Joshua Ruehlig wrote:
> Is it possible to set build options for dependent ports?
See the previous comment.
 Kill Bill
02:25 AM Bug #6182: HAProxy not supporting ALPN
Is it possible to set build options for dependent ports?
Maybe we can add an OPTION to set 'WITH_OPENSSL_PORT= yes' ... Joshua Ruehlig
 

Also available in: Atom