pfSense » pfSense Packages

09/03/2017

04:46 AM Bug #6378: inline background styles in squidguard package

Someone kindly merge this PR and call it a day. https://github.com/pfsense/FreeBSD-ports/pull/385
It makes things ... Kill Bill

04:38 AM Bug #3342: Missing input validation for MAC addresses

Validation has been there for a while.
https://github.com/pfsense/FreeBSD-ports/pull/308
https://github.com/pfsen... Kill Bill

03:17 AM Bug #7670: Bind : Serial for slave zone is missing in IHM

I have no idea what's IHM but there's no serial saved in config.xml for slave zones (you cannot even configure it, th... Kill Bill

03:04 AM Bug #7271: Co-existence of unbound and BIND/named

Test this please.
https://github.com/pfsense/FreeBSD-ports/pull/416 Kill Bill

09/02/2017

06:53 AM Bug #7836: FreeRADIUS - certain chars in clients shared secret result in broken configuration

https://github.com/pfsense/FreeBSD-ports/pull/415 Kill Bill

06:50 AM Bug #7836 (Resolved): FreeRADIUS - certain chars in clients shared secret result in broken configuration

See https://forum.pfsense.org/index.php?topic=135980.msg744283#msg744283 and following.
E.g., having a shared secr... Kill Bill

08/31/2017

12:16 PM Bug #7835: freeradius unit wrong for varusersmaxbandwidthup and varusersmaxbandwidthdown

May I suggest "Enter the maximum bandwidth for download in Kbps" and moving on? Kill Bill

12:09 PM Bug #7835: freeradius unit wrong for varusersmaxbandwidthup and varusersmaxbandwidthdown

Then we can change the description to say kibibit instead. Changing the multiplier would result in people having an u... Jim Pingle

11:51 AM Bug #7835: freeradius unit wrong for varusersmaxbandwidthup and varusersmaxbandwidthdown

Jim Pingle wrote:
> There are 1024 bits in a kilobit. Not 1000. I'll fix the "in in" typo.
Freebsd uses 1000 bits... Azure it

09:36 AM Bug #7835 (Not a Bug): freeradius unit wrong for varusersmaxbandwidthup and varusersmaxbandwidthdown

There are 1024 bits in a kilobit. Not 1000. I'll fix the "in in" typo. Jim Pingle

09:31 AM Bug #7835 (Not a Bug): freeradius unit wrong for varusersmaxbandwidthup and varusersmaxbandwidthdown

When we add a new radius user, we can set Maximum Bandwidth Down/Up and in the help we can read:
*Enter the maximum ... Azure it

08/30/2017

05:39 AM Bug #7782 (Resolved): FreeRADIUS 3 - temporary FreeRADIUS CA/certificate generated on each package reinstall

Renato Botelho

02:03 AM Bug #7782: FreeRADIUS 3 - temporary FreeRADIUS CA/certificate generated on each package reinstall

Confirmed fixed, certificate/CA saved in config and no duplicates generated on reinstall. Thanks. Kill Bill

08/29/2017

02:31 PM Bug #7829 (Confirmed): Unable to expand the "Advanced Server Settings" in ACME certificate edit

OK. I see what you're talking about now.
Those settings do not exist for DNS-Manual. The fact that it displays any... Jim Pingle

02:14 PM Bug #7829 (Not a Bug): Unable to expand the "Advanced Server Settings" in ACME certificate edit

Not enough detail here (what "Method" is selected? What + button?)
The only method with a "Key Type" is nsupdate, ... Jim Pingle

01:49 PM Bug #7829 (Duplicate): Unable to expand the "Advanced Server Settings" in ACME certificate edit

Under Services\Acme\Certificate options: Edit, under Domain SAN List, clicking on the + icon next to "Key Type..." ap... Bart K

02:14 PM Bug #7782 (Feedback): FreeRADIUS 3 - temporary FreeRADIUS CA/certificate generated on each package reinstall

This should, I hope, be fixed with 0.13 of the FreeRADIUS3 package. Jim Pingle

11:23 AM Bug #7826 (Rejected): rule to open port 4500 udp for ipsec/ikev2 ignored and blocked

There must be something different about the packet causing it to be dropped. Please post on the forum, list, or reddi... Jim Pingle

11:02 AM Bug #7826 (Rejected): rule to open port 4500 udp for ipsec/ikev2 ignored and blocked

Hello,
on a pfsense 2.3.4_1 installed on a vm ( vmware ), i create a ikev2 ipsec server.
If i try to connect with... Domenico De Monte

08/28/2017

12:52 PM Bug #7820: 2.4: dnsmasq can no longer handle punycode, compile time options change?

Jim Pingle wrote:
> dnsmasq on 2.4 is compiled with NLS enabled
Hmmmm...... Kill Bill

12:10 PM Bug #7820: 2.4: dnsmasq can no longer handle punycode, compile time options change?

Jim Pingle wrote:
> dnsmasq on 2.4 is compiled with NLS enabled, which in turn sets up a dependency for IDN2 and use... Paul Tarsus

09:01 AM Bug #7820 (Feedback): 2.4: dnsmasq can no longer handle punycode, compile time options change?

dnsmasq on 2.4 is compiled with NLS enabled, which in turn sets up a dependency for IDN2 and uses -DHAVE_LIBIDN2. It ... Jim Pingle

12:00 PM Feature #7824 (Resolved): [acme / Let's Encrypt] Bump to the latest acme.sh package

Our domain names are managed by Gandi, and we cannot use the Gandi Live API for the verification of the domain name o... S. Debreuil

08/27/2017

12:56 PM Bug #7820: 2.4: dnsmasq can no longer handle punycode, compile time options change?

Just noticed this change in dnsmasq 2.77, new in 2.4:
> Remove historic automatic inclusion of IDN support when bu... Paul Tarsus

12:49 PM Bug #7820 (Closed): 2.4: dnsmasq can no longer handle punycode, compile time options change?

I've used dnsmasq with a custom hosts file for years, with mappings including the following:
> 0.0.0.0 r7---sn-vgq... Paul Tarsus

08:57 AM Feature #6436 (Resolved): Add Stunnel binaries to the pfSense repository

Jim Pingle

03:04 AM Feature #6436: Add Stunnel binaries to the pfSense repository

Merged, can be closed. Kill Bill

08:56 AM Bug #6948 (Resolved): HAproxy files tab input validation nonsense - impossible to save files

Jim Pingle

03:15 AM Bug #6948: HAproxy files tab input validation nonsense - impossible to save files

Can be closed. Kill Bill

08/25/2017

02:45 PM Bug #7696 (Resolved): Telegraf Package Saving Incorrect Password

Jim Pingle

09:23 AM Bug #7696: Telegraf Package Saving Incorrect Password

Fixed in 0.3 Kill Bill

02:45 PM Bug #6603 (Resolved): pfblockerng's Unbound modifications leave system broken post-config restore

Jim Pingle

09:22 AM Bug #6603: pfblockerng's Unbound modifications leave system broken post-config restore

The above is included in 2.1.1_10. Kill Bill

01:42 PM Bug #7797: Squid Reverse Proxy alternating between destinations

Kill Bill wrote:
> As noted on another bug (Bug #7752), the reverse proxy part of Squid is pretty much unmaintained.... Mickael Fouquet

08/24/2017

04:29 AM Bug #6563: Squid still accepts sha1 certificates

https://github.com/pfsense/FreeBSD-ports/pull/402 since pretty much any decent browser nags about these nowadays. Kill Bill

03:16 AM Feature #7691: Allow for custom icap services for squid

You can integrate any of them by putting them to _Custom Options (After Auth)_ (or pretty much any of the advanced cu... Kill Bill

08/22/2017

04:42 PM Bug #7438: Squid 0.4.36_2 Remote Cache Parent not working

As noted above, this needs to go to the forums to identify the problem. Kill Bill

04:17 PM Bug #7674: Issue Downloading Snort Alert Log Download

This problem is fixed in the Snort package update to version 3.2.9.5. This ticket can be closed when the pull reques... Bill Meeks

02:24 PM Bug #7610: Squid use all memory ram.

This is an upstream bug with no fix and no good workaround for 3.5.x - cf. http://bugs.squid-cache.org/show_bug.cgi?i... Kill Bill

01:20 PM Bug #7797: Squid Reverse Proxy alternating between destinations

As noted on another bug (Bug #7752), the reverse proxy part of Squid is pretty much unmaintained. I'd strongly sugges... Kill Bill

01:09 PM Bug #7797 (Feedback): Squid Reverse Proxy alternating between destinations

Hello,
It's pretty hard to explain this bug, but it seems to be very old bug. This post explain it perfectly: http... Mickael Fouquet

11:39 AM Bug #7752: Squid 3 reverse proxy - HTTPS==>HTTP fails

The way the reverse proxy part of the Squid package is written, it will only redirect HTTPS to HTTPS and HTTP to HTTP... Kill Bill

11:39 AM Bug #7391 (Not a Bug): 0.4.36_1 localnet ACL missing

Jim Pingle

11:31 AM Bug #7391: 0.4.36_1 localnet ACL missing

As noted in https://redmine.pfsense.org/issues/7391#note-7 the OpenVPN interfaces are not added by design since it ad... Kill Bill

11:37 AM Bug #7431 (Resolved): BIND (9.11-2) Log shortcut needs to be updated.

Jim Pingle

11:24 AM Bug #7431: BIND (9.11-2) Log shortcut needs to be updated.

Merged long ago, can be closed. Kill Bill

11:08 AM Bug #7696: Telegraf Package Saving Incorrect Password

https://github.com/pfsense/FreeBSD-ports/pull/399/ Kill Bill

07:59 AM Feature #7792: FRR pkg pfsense can not wok as ABR with stub areas (no stub area bit)

The "Disable FIB Updates" option is the only GUI control to setup stub areas but it is global, not per interface/netw... Jim Pingle

01:26 AM Feature #7792 (Resolved): FRR pkg pfsense can not wok as ABR with stub areas (no stub area bit)

Setup pfsense as ABR with several areas and found one does not work properly if one of areas is stub. There are two m... Constantine Kormashev

07:53 AM Feature #7794 (Assigned): FRR pkg pfsense no metric-type option in OSPF redistribute section of web-interface

The OSPF metric option under Route Maps, "Metric" in the drop-down "Metric Action". The options there are the only op... Jim Pingle

03:14 AM Feature #7794 (Resolved): FRR pkg pfsense no metric-type option in OSPF redistribute section of web-interface

There is not @metric-type@ option in OSPF redistribute section of web-interface. By default FRR makes redistribution ... Constantine Kormashev

07:40 AM Feature #7793: FRR pkg pfsense web interface checking for RID is setup in OSPF6 section

The input validation is weak to nonexistent all throughout FRR, it's all on my todo list yet.
As it is made now, i... Jim Pingle

01:46 AM Feature #7793 (Resolved): FRR pkg pfsense web interface checking for RID is setup in OSPF6 section

There is not any checking for RID in OSPF6 section in web interface now, but one must be, because in case there is no... Constantine Kormashev

08/18/2017

11:40 AM Bug #7782 (Resolved): FreeRADIUS 3 - temporary FreeRADIUS CA/certificate generated on each package reinstall

The code is pretty good to avoid user confusion and get things working out of the box, however it should set the conf... Kill Bill

10:36 AM Bug #6603: pfblockerng's Unbound modifications leave system broken post-config restore

Fed up with this issue. It breaks fresh 2.4 installs exactly as noted in the above comment - see https://redmine.pfse... Kill Bill

08/17/2017

08:54 AM Bug #7780 (Closed): Blacklist update doesn't work on Firefox

When I click in Download it does nothing. It works on Chrome.
Firefox 55.0.1 x86_64 on Arch Linux. Thiago Coutinho

08/16/2017

04:21 PM Bug #7756: suricata suricata_check_dir_size_limit() needs to be improved

This bug is fixed in GUI package version 4.0.0 using the code submitted by the OP. Bill Meeks

04:17 PM Bug #7716: Suricata - Barnyard2 webui configuration updates result in base64-encoded value written to the config for the password

This bug was fixed in GUI package version 3.2.2_3 via a Pull Request submitted by the OP. Bill Meeks

04:12 PM Bug #7578: Suricata -- Removing Hosts from Block Table via Alerts

This bug is fixed in GUI package version 4.0.0. Bill Meeks

08/15/2017

10:45 AM Bug #7766 (Resolved): ACME Package on 2.4 requires pecl-ssh2, which is not in base any longer

Looks good! Jim Pingle

08/11/2017

09:52 AM Bug #7766 (Feedback): ACME Package on 2.4 requires pecl-ssh2, which is not in base any longer

Version 0.1.19 should be fine Renato Botelho

09:28 AM Bug #7766: ACME Package on 2.4 requires pecl-ssh2, which is not in base any longer

Looks like we'll have to make a new port for it since the current pecl-ssh2 is only compatible with php 7+ Jim Pingle

09:02 AM Bug #7766 (Resolved): ACME Package on 2.4 requires pecl-ssh2, which is not in base any longer

commit af1ebe36a4787997f37a3cc1c1a9178e86286508 in the FreeBSD-ports repo removed pecl-ssh2 from the list of dependen... Jim Pingle

09:03 AM Bug #7208: ACME ftpwebroot doesn't work

Dmitry Ivanov wrote:
> Fatal error: Call to undefined function pfsense_pkg\acme\ssh2_connect() in /usr/local/pkg/acm... Jim Pingle

12:33 AM Bug #7208: ACME ftpwebroot doesn't work

PFSense 2.4.0
ACME 0.1.18
Fatal error: Call to undefined function pfsense_pkg\acme\ssh2_connect() in /usr/local/p... Dmitry Ivanov

12:02 AM Bug #7729: pfBlockerNG orders NAT licked rules to the bottom of firewall rules

Fixed in *PR#390*:
https://github.com/pfsense/FreeBSD-ports/pull/390/files BBcan177 .

08/10/2017

07:18 AM Bug #7764 (Not a Bug): Basic setup of squid + squidguard + ssl interception + transparent proxy produces https://http/* error.

It has to be something in your settings causing this. I can't reproduce it here. I have a working MITM transparent se... Jim Pingle

06:23 AM Bug #7764 (Not a Bug): Basic setup of squid + squidguard + ssl interception + transparent proxy produces https://http/* error.

Check this serverfault question:
https://serverfault.com/questions/866660/pfsense-squid-https-filtering-error-url-ca... m m

08/08/2017

11:53 AM Bug #7756: suricata suricata_check_dir_size_limit() needs to be improved

Thanks! Another user had also submitted a fix for the EVE JSON log rotation issue. I asked him about incorporating ... Bill Meeks

11:43 AM Bug #7756: suricata suricata_check_dir_size_limit() needs to be improved

Filed https://github.com/pfsense/FreeBSD-ports/pull/389 Orion Poplawski

08/07/2017

10:16 PM Bug #7756: suricata suricata_check_dir_size_limit() needs to be improved

I'm the volunteer package maintainer for Suricata on pfSense. Thank you for providing a patch to go along with your ... Bill Meeks

05:56 PM Bug #7267: Status Traffic Totals - Stacked Bar - Scale not high enough

This should be fixed in the newer versions of nvd3. I am attempting to upgrade, but there are some kinks to work out. Jared Dillard

07:22 AM Bug #7758 (Not a Bug): Error on squid

That is most likely due to either a compatibility issue with your cipher selection in squid and that site, or with sq... Jim Pingle

02:08 AM Bug #7758 (Not a Bug): Error on squid

I deployed pfsense 2.3.4 and installed Squid 3.5.26. I config squid in transparent mode and enable HTTPS/SSL intercep... Phong Bui-Quang

08/05/2017

11:17 AM Bug #7753 (Not a Bug): "Bypass Proxy for These Source IPs" does not seem to be working anymore

Jim Pingle

10:26 AM Bug #7753: "Bypass Proxy for These Source IPs" does not seem to be working anymore

This ticket should be closed. "Bypass Proxy for These Source IPs" works as expected. Yuri Weinstein