pfSense » pfSense Packages

07/14/2017

03:18 PM Bug #7696 (Resolved): Telegraf Package Saving Incorrect Password

The contents of the password field are not being passed properly to the telegraf.conf file. The password is being en... Galen POSPISIL

07/13/2017

06:09 PM Feature #7691 (New): Allow for custom icap services for squid

We would like to integrate additional icap services into the pfsense squid configuration, but there is no way add the... Orion Poplawski

07/12/2017

07:53 AM Feature #7189: Letsencrypt acme sync in HA environment

Relevant Commits:
2.4:
https://github.com/pfsense/FreeBSD-ports/commit/119d687658b46a0310a481c22f5a435e5de9625f
... Jim Pingle

07:51 AM Feature #7189 (Resolved): Letsencrypt acme sync in HA environment

Works on both 2.4 and 2.3.x now. Jim Pingle

07/11/2017

03:59 PM Feature #7189 (Feedback): Letsencrypt acme sync in HA environment

Pushed a fix for 2.3.x versions now. Jim Pingle

03:29 PM Feature #7189 (Assigned): Letsencrypt acme sync in HA environment

Well, it works on 2.4, needs some adjustments for 2.3.x yet. Jim Pingle

03:11 PM Feature #7189 (Feedback): Letsencrypt acme sync in HA environment

I just pushed a new feature to the ACME package, it can now send service restart commands via XMLRPC using the system... Jim Pingle

07/10/2017

09:44 AM Bug #7681: OpenVPN client export utility - Exporting Android inline configuration can include incorrect client auth method in .ovpn file

Thank you Jim! Makes sense. David Nuzik

07:37 AM Bug #7681: OpenVPN client export utility - Exporting Android inline configuration can include incorrect client auth method in .ovpn file

I made a different issue entry for the actual underlying problem here: https://redmine.pfsense.org/issues/7685 Jim Pingle

07:36 AM Bug #7681 (Not a Bug): OpenVPN client export utility - Exporting Android inline configuration can include incorrect client auth method in .ovpn file

It does appear that they are the same, but different versions of OpenSSL or different libraries that are OpenSSL-like... Jim Pingle

08:29 AM Feature #7686: Add option in HAProxy to configure SSL defaults based on the Mozilla SSL Configuration Generator

oops, misspelled configure in the subject line Corey Boyle

08:27 AM Feature #7686 (New): Add option in HAProxy to configure SSL defaults based on the Mozilla SSL Configuration Generator

Would be nice to have "Modern | Intermediate | Old" options in the configuration of HAProxy for SSL cipher suites, ba... Corey Boyle

07/08/2017

10:50 PM Feature #7683 (New): Splunk Universal Forwarder Package

It would be nice to have a Splunk Universal Forwarder package so we can send logs and other monitor capable files e.g... Dennis Chow

07:40 PM Bug #7681 (Not a Bug): OpenVPN client export utility - Exporting Android inline configuration can include incorrect client auth method in .ovpn file

Intro:
Hello this is my first bug entry. I hope I have done a good job reporting the specifics of what I believe to ... David Nuzik

07/07/2017

03:14 PM Bug #7263 (Resolved): FreeRADIUS - complete lack of input validation

Seems to be good. Jim Pingle

02:39 PM Bug #7237 (Resolved): ACME - first table row on certs tab does not autoexpand the fields

This has been fixed for a while now Jim Pingle

07/06/2017

02:07 PM Bug #4756 (Not a Bug): OpenVPN Client Export fails when using "real" certificate

It works fine if you import the chain, see #2800, which would include the case of a public CA (which should still nev... Jim Pingle

02:00 PM Bug #7170 (Resolved): FreeRADIUS built-in certificate manager defaults to MD5 (!!!), no support for SHA2

This has all been removed from FreeRADIUS. Cert handling in FreeRADIUS is 100% done in the Cert Manager now on 2.3.4 ... Jim Pingle

07/05/2017

02:55 PM Bug #7674 (Resolved): Issue Downloading Snort Alert Log Download

I have found that I am no longer able to download the Alert Logs from the snort_alerts.php page. I have attempted di... Ryan Eckenrode

07/02/2017

04:53 PM Bug #7670 (Not a Bug): Bind : Serial for slave zone is missing in IHM

Using bind as slave server, the page https://localhost:8443/pkg.php?xml=bind_zones.xml does not display the zone seri... Nicolas Marot

06/30/2017

01:58 PM Bug #7669: ACME Certificates

But we need to have a discussion -- on the forum -- about why that happened before it can be called a bug. The upgrad... Jim Pingle

01:11 PM Bug #7669: ACME Certificates

I get that freeradius isn't related to acme. You just rejected the root of my problem which is no CA key for ACME gen... robbie foster

12:18 PM Bug #7669 (Rejected): ACME Certificates

Please post on a new forum thread and discuss this before opening a bug report. It's possible something else went wro... Jim Pingle

12:15 PM Bug #7669 (Rejected): ACME Certificates

version 2.4.0-beta. My letsencrypt certificates are about to expire and my certificates in acme certificates didn't m... robbie foster

06/28/2017

08:09 AM Todo #7664 (Rejected): https filtering in pfsense without configuring proxy settings in client browser .

What can be done, is already there. Splice to see domains or you have to install CA on clients. Post on the forum, do... Jim Pingle

08:07 AM Todo #7664 (Rejected): https filtering in pfsense without configuring proxy settings in client browser .

https filtering in pfsense without configuring proxy settings in client web browser .
Ravi Kumar

06/26/2017

11:42 AM Bug #7661 (Resolved): pfBlockerNG doesn't make a rule for Antarctica

If Antarctica entries with a count > 0 are added to the pfBlockerNG GeoIP, there won't be an Antarctica rule created.... Stuart Wyatt

10:27 AM Todo #7658: BGP support in Quagga

OK done. Please see https://redmine.pfsense.org/issues/7660 Chris Zimman

10:25 AM Todo #7658: BGP support in Quagga

This issue is for BGP only, not other features. Scope creep isn't helpful, that needs to be in a separate feature req... Jim Pingle

10:22 AM Todo #7658: BGP support in Quagga

Right now, in the Quagga GUI, there's a single entry for a CARP address to monitor. If you're adding better GUI supp... Chris Zimman

10:11 AM Todo #7658: BGP support in Quagga

That is unrelated to the topic on this ticket. It would be a separate feature request. Jim Pingle

10:10 AM Todo #7658: BGP support in Quagga

We need to be able to monitor more than one CARP IP for failover. Our config has CARP on the inbound and outbound si... Chris Zimman

10:27 AM Feature #7660 (Rejected): Please add the ability to monitor more than one CARP address to the Quagga GUI support

We need to be able to monitor more than one CARP IP for failover. Our config has CARP on the inbound and outbound sid... Chris Zimman

03:13 AM Feature #7655: Captive portal and squid non transparent

I have readed all about that link and sorry, but i don't understand anything ?
Jose Perez

06/24/2017

10:14 AM Todo #7658: BGP support in Quagga

There is a PR to support using it via raw config, but no GUI yet.
https://github.com/pfsense/FreeBSD-ports/pull/356 Jim Pingle

10:07 AM Todo #7658 (Resolved): BGP support in Quagga

OpenBGPD pkg on pfsense doesn't seem to be up to date for years (since 2012 probably) - a lot of recently (and may be... Vladimir Lind

07:40 AM Feature #7657: OpenBGPD local-as feature in neighbors context

UPD: Looks like some commands which are not present in webgui do work when pasting directly in bgp neighbor context i... Vladimir Lind

02:26 AM Feature #7657 (Rejected): OpenBGPD local-as feature in neighbors context

Please add "local-as" feature in OpenBGPD webgui "neighbors" tab -> "Neighbor Parameters". This command is described ... Vladimir Lind

06/23/2017

11:32 AM Bug #6129: zabbix agent/proxy 2.4 not ported to pfSense 2.3

Pim Janssen wrote:
> 4.0 LTS Will be added in september 2017. I think having only LTS releases would be enough.
Y... James Lavoy

11:27 AM Bug #6129: zabbix agent/proxy 2.4 not ported to pfSense 2.3

4.0 LTS Will be added in september 2017. I think having only LTS releases would be enough. Pim Janssen

11:24 AM Bug #6129: zabbix agent/proxy 2.4 not ported to pfSense 2.3

James Lavoy wrote:
> Therefore this change has caused pfSense to be unable to be used as a proxy if someone is using... James Lavoy

11:20 AM Bug #6129: zabbix agent/proxy 2.4 not ported to pfSense 2.3

I apologize, in the future I will be sure to track every version of software released everywhere and update my bug re... James Lavoy

11:18 AM Bug #6129: zabbix agent/proxy 2.4 not ported to pfSense 2.3

Information in a ticket needs to be precise and specific no matter when it's read. It is unreasonable to expect anyon... Jim Pingle

11:14 AM Bug #6129: zabbix agent/proxy 2.4 not ported to pfSense 2.3

Jim Pingle wrote:
> If that is the case, it was not stated clearly anywhere on the problem description or even in th... James Lavoy

11:06 AM Bug #6129 (New): zabbix agent/proxy 2.4 not ported to pfSense 2.3

If that is the case, it was not stated clearly anywhere on the problem description or even in the comments. Maybe if ... Jim Pingle

10:52 AM Bug #6129: zabbix agent/proxy 2.4 not ported to pfSense 2.3

@Jim
The issue is here because the 3.0 proxy is NOT backwards compatible. For that reason it would be good to have a... Pim Janssen

10:44 AM Bug #6129 (Resolved): zabbix agent/proxy 2.4 not ported to pfSense 2.3

Jim Pingle

10:26 AM Bug #6129: zabbix agent/proxy 2.4 not ported to pfSense 2.3

Looks like a done case.
Currently zabbix agent and proxy 3.0 LTS is available in pfsense-2.3 Heðin Ejdesgaard Møller

06/21/2017

04:18 PM Feature #7655: Captive portal and squid non transparent

Kindly read https://redmine.pfsense.org/issues/5594#note-11. Kill Bill

01:39 AM Feature #7655 (Bogus): Captive portal and squid non transparent

Hi.
When we configure squid in non-transparent mode and in the browser we configure the proxy address and the port, ... Jose Perez

06/20/2017

02:08 PM Bug #7524 (Resolved): Squid MITM/SSL-Bump broken with Chrome due to missing SAN in generated certificates

This works for me now. I can browse secure sites through squid HTTPS MITM with Chrome and there are no certificate er... Jim Pingle

07:20 AM Bug #7654 (Resolved): Can't use a LDAP search filter containing an accent

Hi,
I use a virtual machine with pfSense 2.3.4 (amd64) with Squid package v0.4.37 (including squid 3.5.26).
I h... mr xhark

06/19/2017

02:36 PM Bug #7524: Squid MITM/SSL-Bump broken with Chrome due to missing SAN in generated certificates

Packages are up for 2.4 and 2.3.4, 2.3.x snapshots will be up next time a snapshot runs. Test and let us know if it i... Jim Pingle

01:58 PM Bug #7524 (Feedback): Squid MITM/SSL-Bump broken with Chrome due to missing SAN in generated certificates

Jim Pingle

01:54 PM Bug #7524: Squid MITM/SSL-Bump broken with Chrome due to missing SAN in generated certificates

I'm getting 3.5.26 pulled into the package branches right now, should be building and up soon. Jim Pingle

06/17/2017

06:31 AM Bug #7617: OpenBGP not restarting on new WAN IP or firewall reload

Thank you, again. _shellcmd_ package was the answer.
Perhaps someone could close this now. (I can't see any way t... Phil Biggs

05:18 AM Bug #7617: OpenBGP not restarting on new WAN IP or firewall reload

Yeah I'd say it's no longer needed since WAN IP change will trigger @filter_configure()@ on its own. Kill Bill

05:11 AM Bug #7617: OpenBGP not restarting on new WAN IP or firewall reload

Many thanks for that. Tested and works.
I didn't know that _shellcmd_ even had that option. I've never used it b... Phil Biggs

03:59 AM Bug #7617: OpenBGP not restarting on new WAN IP or firewall reload

Phil Biggs wrote:
> The table is successfully reloaded on new WAN IP but it doesn't work after a firewall rule chang... Kill Bill

03:39 AM Bug #7617: OpenBGP not restarting on new WAN IP or firewall reload

It's a horrible hack but I added a line to openbgpd.inc:... Phil Biggs

06/15/2017

10:31 AM Feature #7621 (Resolved): OpenVPN Client Export name whens is a windows installer have the same name its a bit confused

Jim Pingle

10:30 AM Bug #7533 (Resolved): HAProxy 1.7.3+ Breaks with DNS Resolvers configured (UNIX stats sockets fail)

Workaround is in place and functioning OK. Next HAProxy release will have it included without needing a local patch. ... Jim Pingle