pfSense » pfSense Packages

04/24/2018

03:20 PM Bug #8482 (Closed): Reseting states causes ntop-ng to core dump

Almost certainly nothing we can do about a crash of that nature. You'll have to take that up with ntopng and/or FreeB... Jim Pingle

03:17 PM Bug #8482 (Closed): Reseting states causes ntop-ng to core dump

Not sure if this is somewhat expected, but reseting states through the "diagnostics" menu causes ntopng to core dump.... Jon Hayward

07:56 AM Bug #8425: telegraf not reporting memory

*UPDATE*: my changes were committed upstream (https://svnweb.freebsd.org/ports?view=revision&revision=468200).
I h... Chipster Cuch

07:42 AM Bug #8425: telegraf not reporting memory

Telegraf 1.6.1 was released yesterday with the updated godeps that fix various issues. I have submitted my patches up... Chipster Cuch

04/23/2018

07:57 AM Bug #8476: OpenVPN Client Export TLS Key Direction Directive Location

As long as we can prove that change will not negatively impact other clients it should be OK to make that change, but... Jim Pingle

04/21/2018

02:17 PM Bug #8476 (Resolved): OpenVPN Client Export TLS Key Direction Directive Location

pfSense Version: pfSense-CE-memstick-2.4.3-RELEASE-amd64.img.gz ( https://nyifiles.pfsense.org/mirror/downloads/pfS... Joshua Katz

04/20/2018

11:34 AM Feature #8475 (Closed): syslog-ng TLS configuration support

For syslog-ng to use TLS, it needs access to certificates, and in particular CA certs. For the local cert/key I can ... Orion Poplawski

04/19/2018

03:39 PM Bug #6339: OpenVPN Client Export package option for "Use Microsoft Certificate Storage" does not specify which certificate to use

Not sure if it would be easier to implement, but using this works well for me:... Caleb Hornbeck

04/17/2018

04:33 PM Bug #8438: haproxy: can't use ACL for cert with http-response actions

Also:
1. Add "path_dir" to the default list of ACL expressions
2. Your current ACLs are case insensitive (-i) by ... Petr H

06:32 AM Bug #8438: haproxy: can't use ACL for cert with http-response actions

I've got one minor feature proposal:
Notes/Description/Comments for each ACL or action entry
Normally if I'd us... Petr H

07:54 AM Bug #8466 (Resolved): radiusd crash

Radiusd crash when for a user is set a password in plain text containing " (double qoutes)
After this all users get ... Razvan Petrescu

04:31 AM Bug #8425: telegraf not reporting memory

*UPDATE*:
Telegraf 1.6.0 final was released today. I have updated the port accordingly, and it includes the memory p... Chipster Cuch

04/16/2018

12:42 PM Bug #8277 (Resolved): ntopng service fails to start on 2.4.3

Jim Pingle

09:21 AM Bug #8461 (Closed): open-vm-tools : bug with version 2.4.3

The updated port is already on 2.4.4 snapshots, try it there. If it still has issues, you'll need to replicate them o... Jim Pingle

05:54 AM Bug #8461 (Closed): open-vm-tools : bug with version 2.4.3

Hello,
I have a very specific bug that appeared with version 2.4.3.
When uploading a file to pfSense using vmwa... Julien Gormotte

04/15/2018

12:01 PM Feature #8279: Consider adding a new option to the Rule Order

Two more options:
1 - in pfBlockerNG, Rule Order add option - "Do not change (preserve) existing order"
or
... Yuri Weinstein

04/14/2018

10:51 AM Bug #8425: telegraf not reporting memory

FWIW: Here is my @port@ setup for the patched Telegraf fixing the memory issue and addressing the new golang deps for... Chipster Cuch

04/13/2018

04:50 PM Bug #8456 (Resolved): Squid shows Warning on package page after installation

Jim Pingle

04:02 PM Bug #8456: Squid shows Warning on package page after installation

Tested on 2.4.4.a.20180413.1305, fix works. Anonymous

04:08 PM Bug #8425: telegraf not reporting memory

*Update*: I worked with an InfluxData dev on this issue and it's indeed upstream. @gopsutil@[1], a golang dependency ... Chipster Cuch

09:48 AM Bug #8454: Arpwatch package break email notifications from other sources

Makes sense since all that sendmail script does is call the internal mail handling.
I see three options:
1. Chang... Yehuda Katz

08:56 AM Bug #8277 (Feedback): ntopng service fails to start on 2.4.3

Done on 2.4.3 and 2.3.5 Renato Botelho

04/12/2018

01:51 PM Bug #8456 (Feedback): Squid shows Warning on package page after installation

Fix pushed Jim Pingle

01:37 PM Bug #8456 (Resolved): Squid shows Warning on package page after installation

Install 2.4.2 CE, upgrad to latest 2.4.4 snapshot. Install Squid package, visit Services > Squid and the text (Warnin... Anonymous

01:36 PM Bug #8277 (Assigned): ntopng service fails to start on 2.4.3

Since it's OK on 2.4.4, we can copy back the new ntopng to 2.4.3 now Jim Pingle

12:38 PM Bug #8277: ntopng service fails to start on 2.4.3

Tested on 2.4.4.a.20180412.1121, service starts and can be accessed. Anonymous

07:34 AM Bug #8454: Arpwatch package break email notifications from other sources

I wouldn't say those are broken. Those cron notifications didn't work at all without the symlink setup by arpwatch. F... Jim Pingle

07:18 AM Bug #8454 (New): Arpwatch package break email notifications from other sources

Arpwatch replaces /usr/sbin/sendmail with a symlink to a PHP script that specifically mentioned Arpwatch in the messa... Yehuda Katz

04/10/2018

01:08 PM Bug #8440 (Not a Bug): Suricata 4.0.4_1 disablesid.conf does not disable rule?

Jim Pingle

12:58 PM Bug #8440: Suricata 4.0.4_1 disablesid.conf does not disable rule?

This is not a bug. The rule being triggered was a flowbit rule. Therefore, the disablesid.conf could not disable the ... Raffi T

04/09/2018

07:37 PM Bug #8425: telegraf not reporting memory

Can confirm this same behavior. An upstream bug was also filed: https://github.com/influxdata/telegraf/issues/3750 Chipster Cuch

04:01 PM Bug #8438: haproxy: can't use ACL for cert with http-response actions

The haproxy_config_init() is a new function added in the second last commit. Not sure why that wouldn't exist after u... Pi Ba

03:41 PM Bug #8438: haproxy: can't use ACL for cert with http-response actions

Updated and tested all of the above - looks alright.
Only right after the update I encountered one issue:
- I was... Petr H

12:39 PM Bug #8438: haproxy: can't use ACL for cert with http-response actions

Okay 0.56 haproxy-devel package is available now through normal pfSense packages. If you can check 'everything' now w... Pi Ba

12:04 PM Bug #8449: FRR 4.0 zebra daemon crashes

Looks like this isn't just specific to BGP. In the forum thread linked above, it is happening on multiple amd64 VMs t... Jim Pingle

11:44 AM Bug #8449 (Resolved): FRR 4.0 zebra daemon crashes

The zebra daemon in FRR 4.0 won't stay running with a BGP configuration. It crashes on startup. OSPF alone seems to b... Jim Pingle

04/08/2018

01:11 PM Bug #8438: haproxy: can't use ACL for cert with http-response actions

2. found&fixed
The plugin 'injects' extra stylesheets, and the setCSSdisplay function searches for a particular st... Pi Ba

11:07 AM Bug #8438: haproxy: can't use ACL for cert with http-response actions

Re 2: I usually use Firefox @ Windows 10 and yes with some blockers such as NoScript, uBlock and few user scripts in ... Petr H

09:40 AM Bug #8438: haproxy: can't use ACL for cert with http-response actions

Thanks for testing and reporting about these issues.
1. found&fixed
2. these items seem to work properly for me o... Pi Ba

04/07/2018

06:58 PM Bug #8438: haproxy: can't use ACL for cert with http-response actions

It seems to be fine, good.
While I'm at it, few more glitches I found:
1. *Backend: Timeout / retry settings*
... Petr H

04:14 PM Bug #8438: haproxy: can't use ACL for cert with http-response actions

If you can perhaps test/validate my changes again haproxy-devel version that would be great.
Either the full thing (... Pi Ba

08:38 AM Bug #8438: haproxy: can't use ACL for cert with http-response actions

Re regex - yes you're right.
I was living with the false assumption (based on some tests that I remember from the pa... Petr H

07:23 AM Bug #8438: haproxy: can't use ACL for cert with http-response actions

Petr H wrote:
> >http-response set-var(txn.txnhost) hdr(host)
> That seems to set that variable only during the res... Pi Ba

04/06/2018

09:33 PM Bug #8438: haproxy: can't use ACL for cert with http-response actions

>http-response set-var(txn.txnhost) hdr(host)
That seems to set that variable only during the response processing. I... Petr H

05:55 PM Bug #8438: haproxy: can't use ACL for cert with http-response actions

Actually that the condition is added to all actions in the frontend probably is the 'right thing' to do.. (my previou... Pi Ba

03:26 PM Bug #8438: haproxy: can't use ACL for cert with http-response actions

Ok thanks can reproduce it now. Ill check why that happens. Pi Ba

02:49 PM Bug #8438: haproxy: can't use ACL for cert with http-response actions

Attached sample haproxy.cfg that demonstrates the problem. With this file the warnings occur at lines 48 and 49:
<pr... Petr H

01:59 PM Bug #8438: haproxy: can't use ACL for cert with http-response actions

Can you show/attach the complete haproxy.conf itself? I'm not yet seeing when this would occur.. And or perhaps a scr... Pi Ba

05:40 PM Feature #8442 (Rejected): ACME - custom script for DNS validation

Please add ability to upload custom script for DNS validation.
I have provider for which I have script to update DNS... Tomas Ulicky

02:18 PM Bug #8421 (Resolved): AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working

Jim Pingle

01:37 PM Bug #8421: AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working

I can now confirm the package is available for 2.4.3 and the fix works as expected.
Thank you all for your time. Bruno Pinto

12:07 PM Bug #8421: AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working

It should show up for 2.4.3 users momentarily. Jim Pingle

10:41 AM Bug #8421: AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working

After a few days waiting for the package to show up on the update list, I went to look at the FreeBSD-ports repositor... Bruno Pinto

10:16 AM Bug #8440 (Not a Bug): Suricata 4.0.4_1 disablesid.conf does not disable rule?

I'm not sure if this started in Suricata 4.0.4_1, but I recently found a rule in my disablesid.conf which was still t... Raffi T

04/05/2018

05:27 PM Bug #8438 (New): haproxy: can't use ACL for cert with http-response actions

pfSense 2.4.3, pfSense-pkg-haproxy 0.54_2, haproxy 1.7.10
1. Primary frontend used by other shared ones
2. SSL-en... Petr H

01:24 PM Bug #8436 (Rejected): I have the problem of User authentication and password in my proxy, when I intend to update the packages using pkg upgrade and pkg update

This is not a support platform, please post your question on the forum, pfSense subreddit, or mailing list. Jim Pingle

01:09 PM Bug #8436 (Rejected): I have the problem of User authentication and password in my proxy, when I intend to update the packages using pkg upgrade and pkg update

Hello, I am new using pfsense 2.4.2, I have the same problem of User authentication and password in my proxy, I have ... Julio Acosta

01:18 PM Todo #8433: Upgrade NRPE-SSL Package to NRPE3

Oh sorry I wasn't aware it was already done in the snapshots, haven't used them in a long time. Ken Sim

09:00 AM Todo #8433 (Feedback): Upgrade NRPE-SSL Package to NRPE3

It is already switched to nrpe3 on 2.4.4 snapshots because the nrpe2 and nrpe-ssl ports were removed from the FreeBSD... Jim Pingle

04/04/2018

11:38 PM Todo #8433 (Resolved): Upgrade NRPE-SSL Package to NRPE3

net-mgmt/nrpe-ssl (https://www.freshports.org/net-mgmt/nrpe-ssl/) has been depreciated and removed since January. Can... Ken Sim

04/03/2018

01:48 PM Bug #8421 (Feedback): AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working

Fix committed b95ecbc9a9f4d87e77079dbf023ddb346460bdb1. It should show up as a package update for AutoConfigBackup wh... Anonymous

01:17 PM Bug #8421: AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working

The message looks like the same from here
(system)@172.xx.x.xx: Captive Portal Voucher database synchronized wit... Bruno Pinto

01:14 PM Bug #8421: AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working

What is the reason you see for the backup? under Diagnostics > AutoConfigBackup > Restore I want to make sure I am se... Anonymous

06:16 AM Bug #8421 (Resolved): AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working

I've been using pfSense in a HA configuration for a while now, and just recently started using the captive portal fea... Bruno Pinto

12:21 PM Bug #8425 (Resolved): telegraf not reporting memory

Since installing 2.4.3, telegraf isn't reporting memory anymore. Everything else is reporting as usual. Lucas Hereld

05:35 AM Bug #7293: dns/bind911 requires TCP_RFC7413 in kernel

This should be fixed building the kernel with "options TCP_RFC7413" and enabling fastopen sysctl. Wagner Sartori Junior

04/02/2018

10:19 AM Bug #8414: ntopng fails to start with Disable Alerts option

For what it's worth I had found other report. I reported a new issue because #8277 was pre-release and indicates that... Denny Page

08:25 AM Bug #8414 (Duplicate): ntopng fails to start with Disable Alerts option

Duplicate of #8277 Jim Pingle

12:10 AM Bug #8414 (Duplicate): ntopng fails to start with Disable Alerts option

Ntopng fails to start (core dumps) with the "Disable Alerts" (-H) option enabled. It starts fine without the option s... Denny Page

08:28 AM Feature #8416 (Resolved): Mailreport - Minute of the Hour

Any chance of adding *Minute of the Hour* as an option in the schedule, I'd like a bit more granularity if possible.
... Andy Kniveton

08:26 AM Bug #8277 (Feedback): ntopng service fails to start on 2.4.3

A new version of ntopng is available now on 2.4.4 snapshots which should address this issue. Try it there and let us ... Jim Pingle

04/01/2018

06:14 PM Bug #8404 (Duplicate): IPSec pre-shared key

Try the patch on the other ticket and add comments there. Jim Pingle

05:57 PM Bug #8404: IPSec pre-shared key

Same behavior as described in #6668
As long as the second (side-to-side) is aktiv, the only PSK that will match is... Lasse not relevant

03/31/2018

08:54 AM Bug #8405 (Duplicate): pfSense 2.4.3 breaks HAProxy if using VIP

Looks like the same issue as #8393 Jim Pingle

06:59 AM Bug #8405 (Duplicate): pfSense 2.4.3 breaks HAProxy if using VIP

If using a VIP for HAProxy instead of localhost, the upgrade to 2.4.3 creates the following error. Changing from the ... Rick Strangman

05:46 AM Bug #8404 (Duplicate): IPSec pre-shared key

After upgrading from 2.4.2_p1 to 2.4.3, just the last added (active) IPSec tunnel <PSK> matches in PHASE-1.
All ot... Lasse not relevant

03/30/2018

11:00 AM Bug #8400 (Closed): FreeRadius 3 EAP-TLS Missing O.U. Option

Under Services-->FreeRADIUS-->EAP-->EAP-TLS
The Organizational Unit (O.U.) is missing from the option for:
"Che... Kristopher Kolpin

03/29/2018

09:28 PM Feature #8362: Snort and Suricata Package - Allow for changing URLs, Ports, and Protocols to allow for local Repo of Signature Updates

This feature was added in the Suricata GUI package v4.0.4_1 pull request posted on GitHub here: https://github.com/pf... Bill Meeks