pfSense » pfSense Packages

10/19/2018

11:43 AM Todo #9041: update ntopng 3.6.0

It's actually already at 3.6 on 2.4.5 snapshots, and trying to pick back changes proved to be a bit of a challenge. I... Jim Pingle

10/18/2018

02:35 PM Bug #9050 (Resolved): Antartica does not make a rule

If Antarctica entries with a count > 0 are added to the pfBlockerNG GeoIP, there won't be an Antarctica rule created.... Stuart Wyatt

10/17/2018

10:46 AM Feature #8869: HAproxy should use RFC 7919 DH parameter files

Understood.
I now remember where I had stumbled upon this idea in the first place, it goes back to a few years bac... Stéphane Lapie

08:56 AM Feature #8869: HAproxy should use RFC 7919 DH parameter files

Accommodating SSL testers that have no concept of proper security procedures isn't something we should aspire to do. ... Jim Pingle

07:40 AM Feature #7179 (Feedback): Package Filer into 2.3

I added it to the list and bumped the package version to trigger a rebuild. It's up now for 2.4.4 and will go up with... Jim Pingle

07:21 AM Feature #7179: Package Filer into 2.3

Looks like it was never added to the port build list at https://github.com/pfsense/pfsense/blob/master/tools/conf/pfP... Jim Pingle

07:18 AM Feature #7179: Package Filer into 2.3

Where is the Filer package?
"PR #277":https://github.com/pfsense/FreeBSD-ports/pull/277 says "Merged" but I don't se... → luckman212

10/16/2018

10:24 PM Feature #8869: HAproxy should use RFC 7919 DH parameter files

I understand the intent behind the stock DH parameter files, however some SSL testers raise known DH parameters as so... Stéphane Lapie

08:16 PM Feature #9046 (New): telegraf feature request

we want to monitor the ntp service in pfsense, Now I manully add lines into telegraf.conf then manually start it, it ... mrco chen

08:00 AM Feature #9008 (Resolved): Add Zabbix 4 (agent and proxy) packages

Jim Pingle

07:38 AM Feature #9008: Add Zabbix 4 (agent and proxy) packages

This can be closed.
Thanks! Danilo Baio

10/14/2018

09:00 AM Feature #9044 (New): Add SoftEther

It would be nice if you can add SoftEther program. It supports OpenVPN and it has more functions than the simple Open... John Smith

10/13/2018

01:34 PM Todo #9041 (Resolved): update ntopng 3.6.0

update ntoping to 3.6.0
and enable activity map
the latest version of pfsense seems dos not enable activity ... mom aiaz

10/11/2018

11:34 AM Feature #8769: Allow FreeRADIUS users to change their own Passwords and Pins

No, because there isn't a generic way to change a RADIUS password like that. It depends on the RADIUS server and its ... Jim Pingle

11:21 AM Feature #8769: Allow FreeRADIUS users to change their own Passwords and Pins

Isn't this something that could be created as an add-on and not rely completely on the back end radius package? NCATS LAB

10/09/2018

03:43 PM Bug #9031 (Resolved): Suricata fails to start with interface with /31 mask

I have discovered that Suricata will not start in blocking mode when an interface has a /31 subnet mask when using an... Aaron Morris

07:58 AM Bug #9027: HAProxy: Unknown keyword lua-load

Should be fixed now, thanks for reporting. Pi Ba

06:49 AM Bug #9027 (Resolved): HAProxy: Unknown keyword lua-load

After upgrading pfSense from 2.4.3_1 to 2.4.4 our haproxy didn't started anymore.
The error we got was `Unknown ke... Karl Fritsche

10/08/2018

01:00 AM Bug #9025 (New): SquidGard + Target categories

Hello,
An error occurs after applying the changes to SquidGard when:
Removing an unwanted target category from "T... Issa Jacaman

10/06/2018

02:24 PM Bug #9020: Impossible to register ACME wildcard certificate regardless documentation

Jim Pingle wrote:
> You have some kind of configuration error. I tried it again exactly as stated on the page and it... Sorin Sbarnea

01:08 PM Bug #9020 (Not a Bug): Impossible to register ACME wildcard certificate regardless documentation

You have some kind of configuration error. I tried it again exactly as stated on the page and it works. Jim Pingle

09:59 AM Bug #9020 (Not a Bug): Impossible to register ACME wildcard certificate regardless documentation

Documentation at https://www.netgate.com/docs/pfsense/certificates/acme-wildcard.html states what needs to be done to... Sorin Sbarnea

12:43 PM Todo #8682 (Resolved): ACME Account Key registration gives no indication of success or failure, assumes success

This is only about the icon on the button on the key registration page, and it is working properly now. Jim Pingle

09:54 AM Todo #8682: ACME Account Key registration gives no indication of success or failure, assumes success

This is so true, the UI always gives the "green" response regardless what catastrophic failure occurred, confusing us... Sorin Sbarnea

07:31 AM Bug #8989 (Resolved): [Freeradius] not starting radiusd -X | Errors reading /usr/local/etc/raddb/dictionary: dict_init: /usr/local/etc/raddb/dictionary[6] invalid entry

Jim Pingle

03:12 AM Bug #8989: [Freeradius] not starting radiusd -X | Errors reading /usr/local/etc/raddb/dictionary: dict_init: /usr/local/etc/raddb/dictionary[6] invalid entry

Seems good to me. It can be marked as resolved A FL

10/05/2018

12:43 PM Bug #9013 (Resolved): pfSense Crash: AVAHI_RCFILE undefined constant

This was fixed days ago. Update to the latest version of that package. Jim Pingle

12:24 PM Bug #9013 (Resolved): pfSense Crash: AVAHI_RCFILE undefined constant

[04-Oct-2018 04:31:18 America/New_York] PHP Warning: Use of undefined constant AVAHI_RCFILE - assumed 'AVAHI_RCFILE'... P L

11:25 AM Bug #9012 (New): Captive Portal authentication in Squid Proxy Server does not work

Version pfsense 2.4.4-RELEASE (amd64)
I have configured Authentication Method to "Captive Portal" in Squid Proxy Ser... Kevin Chou

10/04/2018

11:51 AM Feature #9008: Add Zabbix 4 (agent and proxy) packages

https://github.com/pfsense/pfsense/pull/3995
https://github.com/pfsense/FreeBSD-ports/pull/580 Danilo Baio

11:44 AM Feature #9008 (Resolved): Add Zabbix 4 (agent and proxy) packages

What's new in Zabbix 4.0.0:
https://www.zabbix.com/documentation/4.0/manual/introduction/whatsnew400 Danilo Baio

06:51 AM Feature #9003 (Resolved): Add 'Copy Running to Saved' option to the raw config

Would be possible to add these buttons to the raw config page as the Quagga package does, i'm slowly moving over to u... Ben Hughes

10/03/2018

02:18 PM Bug #8997 (Resolved): squidGuard Times does not accept more than one value

Confirmed fixed by other forum users who hit the same issue: https://forum.netgate.com/topic/136288/squidguard-and-mu... Jim Pingle

10:16 AM Bug #8997 (Feedback): squidGuard Times does not accept more than one value

Fix pushed in squidGuard pkg version 1.16.18_1 which will be up shortly. Jim Pingle

08:49 AM Bug #8997: squidGuard Times does not accept more than one value

Probably something similar to what I fixed yesterday in ACLs. I'll take a look. Jim Pingle

08:17 AM Bug #8997 (Resolved): squidGuard Times does not accept more than one value

squidGuard Times does not accept more than one value. (PFSense 2.4.4, squid 0.4.44_5, squidGuard 1.16.18)
On the... Leonardo Simonato

09:46 AM Bug #8945: SquidGuard ACL blacklists

I had to make a clean install, but it is working for me as well ! Thanks a lot for your support guys Andres Noriega

07:26 AM Bug #8945 (Resolved): SquidGuard ACL blacklists

Jim Pingle

01:16 AM Bug #8945: SquidGuard ACL blacklists

Works again. Thank you Marcel Beerli

12:33 AM Bug #8945: SquidGuard ACL blacklists

Great Thanks a lot. It works fine in my pfsense Issa Jacaman

08:00 AM Bug #8996 (Bogus): pfBlockerNG not like CloudFlare DNS

Jim Pingle

07:57 AM Bug #8996: pfBlockerNG not like CloudFlare DNS

Sorry - issue already resolved in devel version. DRago_Angel [InV@DER]

04:21 AM Bug #8996 (Bogus): pfBlockerNG not like CloudFlare DNS

Hi all, pfBlockerNG use IP 1.1.1.1 is list of IPs is NULL, so any time list is null CloudFlare DNS can be banned, fil... DRago_Angel [InV@DER]

10/02/2018

02:32 PM Bug #8945 (Feedback): SquidGuard ACL blacklists

Fixed in squidGuard pkg v 1.16.18 which will show up shortly. Jim Pingle

02:18 PM Bug #8945 (In Progress): SquidGuard ACL blacklists

Jim Pingle

05:46 AM Bug #8989 (Feedback): [Freeradius] not starting radiusd -X | Errors reading /usr/local/etc/raddb/dictionary: dict_init: /usr/local/etc/raddb/dictionary[6] invalid entry

PR merged Renato Botelho

04:28 AM Bug #8989: [Freeradius] not starting radiusd -X | Errors reading /usr/local/etc/raddb/dictionary: dict_init: /usr/local/etc/raddb/dictionary[6] invalid entry

See https://forum.netgate.com/topic/135894/solved-freeradius-doesn-t-start-after-a-pfsense-2-4-4-fresh-install-and-re... Gertjan KROEB

02:11 AM Bug #8989: [Freeradius] not starting radiusd -X | Errors reading /usr/local/etc/raddb/dictionary: dict_init: /usr/local/etc/raddb/dictionary[6] invalid entry

This is my fault. I have to appologize for this error, sorry.
see #8927 -and https://github.com/pfsense/FreeBSD-p... A FL

01:51 AM Bug #8989: [Freeradius] not starting radiusd -X | Errors reading /usr/local/etc/raddb/dictionary: dict_init: /usr/local/etc/raddb/dictionary[6] invalid entry

Same here - Radius won't start after Update anymore Hostmaster BI

10/01/2018

10:24 PM Bug #8989 (Resolved): [Freeradius] not starting radiusd -X | Errors reading /usr/local/etc/raddb/dictionary: dict_init: /usr/local/etc/raddb/dictionary[6] invalid entry

freeradius is not starting after latest update, i figured out the issue.
radiusd -X show:
@Errors reading /usr/... rub man

11:13 AM Bug #8986 (Duplicate): Clear SQUID GUARD

Nothing intelligible here. Most likely a duplicate of #8945
Post to the forum if that is not the case. Jim Pingle

11:06 AM Bug #8986 (Duplicate): Clear SQUID GUARD

No set options list access squidguard
clear error !!! save button Raul Flores

10:56 AM Bug #8984 (Feedback): stunnel: Illegal string offset and other PHP hiccups (due to PHP upgrade)

This was corrected in stunnel 5.37 Anonymous

09:16 AM Bug #8984: stunnel: Illegal string offset and other PHP hiccups (due to PHP upgrade)

There is some ongoing work happening on the stunnel package, this is likely already fixed in the development version ... Jim Pingle

08:27 AM Bug #8984 (Resolved): stunnel: Illegal string offset and other PHP hiccups (due to PHP upgrade)

The last major upgrade of the PHP packages caused this: ... L H

09:14 AM Bug #8871 (Resolved): Suricata: input not validated properly in suricata_rulesets.php results in wrong argument passed to in_array()

Jim Pingle

09:10 AM Bug #8871: Suricata: input not validated properly in suricata_rulesets.php results in wrong argument passed to in_array()

The variable _$enabled_rulesets_array_ is populated by the PHP code as it reads the config.xml configuration for the ... Bill Meeks

08:25 AM Bug #8871: Suricata: input not validated properly in suricata_rulesets.php results in wrong argument passed to in_array()

Seems to have been fixed silently, or through a different component or such, but no updates recorded here... L H

08:33 AM Feature #8985 (New): Suricata: allow configuration for external/internal additional storage

At the moment, to support storing additional data in an array of disks or just a single storage media, we must levera... L H

04:10 AM Bug #8945: SquidGuard ACL blacklists

Marcel Beerli wrote:
> Then it looks like its in pfSense 2.4.4 not in the packages.
> Lets hope it gets addressed i... Issa Jacaman

03:39 AM Bug #8945: SquidGuard ACL blacklists

Then it looks like its in either of the 2 packages. (squid or squidGuard), probably squidGuard Marcel Beerli

01:15 AM Bug #8945: SquidGuard ACL blacklists

I was on release 2.4.3-RELEASE-p1 (amd64) and did package updates to
squidGuard -> 1.16.17_3
squid -> 0.4.44_5
... Issa Jacaman

03:22 AM Feature #8982 (New): HAproxy ACL support for map in configuration UI

When defining ACLs with the GUI, it would be nice to have support for matching against a map for "Host matches:" type... Stéphane Lapie

09/29/2018

10:30 AM Bug #8909: tinc package makes /rc.newwanip looping forever

I temporary blocked the loop by disabling the OPT interface associated with tap0:... Andrew Hotlab

09/28/2018

11:35 PM Bug #8975: c-icap not starting - ICAP Inteface for Squid and ClamAV integration

Just some additional feedback.
I reinstalled squid, did not work.
then I uninstalled squid.
then I installed squid... Marcel Beerli

09:48 PM Bug #8975 (Not a Bug): c-icap not starting - ICAP Inteface for Squid and ClamAV integration

There is no longer a general problem here. Read the last comment on #8832 again.
Uninstall the package and then in... Jim Pingle

09:43 PM Bug #8975 (Not a Bug): c-icap not starting - ICAP Inteface for Squid and ClamAV integration

Running on PC Engines APU2, pfSense 2.4.4, squid 0.4.44_5 and squidGuard 1.16.17_3
Service c-icap is not starting ... Marcel Beerli

09:23 PM Bug #8945: SquidGuard ACL blacklists

Any indication when this is getting fixed?
Its in PackageProxy filter SquidGuard: Common Access Control List (ACL)Co... Marcel Beerli

08:20 AM Bug #8832 (Resolved): c-icap for Squid 5.1 on 2.4.4 Developer not starting

Uninstall squid and then reinstall. If it still won't start, then it's not this issue. Start a new thread on the foru... Jim Pingle

06:12 AM Bug #8966 (Resolved): Patches page uses GET instead of POST when performing actions

Renato Botelho

02:23 AM Bug #8966: Patches page uses GET instead of POST when performing actions

It seems to be fixed now. Thanks for the quick turnaround. Anonymous

09/27/2018

10:20 PM Bug #8832: c-icap for Squid 5.1 on 2.4.4 Developer not starting

upgraded to squid 0.4.44_5 but c-icap is still not starting. Marcel Beerli

07:32 PM Bug #8966: Patches page uses GET instead of POST when performing actions

Yeah that was due to a syntax error I made in the previous commit. Fix has been pushed, update and try again Jim Pingle

06:42 PM Bug #8966: Patches page uses GET instead of POST when performing actions

I'm not entirely sure this related, but I just upgraded a system to 2.4.4 which picked up the new System Patches v1.2... Anonymous

01:36 PM Bug #8966 (Feedback): Patches page uses GET instead of POST when performing actions

Fixed in System Patches v1.2, which will show up shortly. Jim Pingle

11:53 AM Bug #8966 (Resolved): Patches page uses GET instead of POST when performing actions

When the patches page system_patches.php is used to apply or revert a patch, the link in the cookie trail area of tha... Mitch Claborn

02:21 PM Bug #8968 (Duplicate): Proxy filter SquidGuard - not loading properly

ACL issue is a duplicate of #8945
icap issue is a duplicate of #8832 Jim Pingle

02:19 PM Bug #8968 (Duplicate): Proxy filter SquidGuard - not loading properly

Hi,
running with pfsense 2.4.4 with squid 0.4.44_4 and squidguard 1.16.17_3
when Squid Guard Proxy Filter - Group A... Marcel Beerli

12:55 PM Bug #8945: SquidGuard ACL blacklists

I had to rollback too... lahoucine El kamel

09/26/2018

06:37 AM Bug #8945: SquidGuard ACL blacklists

lahoucine El kamel wrote:
> Hello,
>
> When editing the Squid Guard Proxy Filter I noticed that the settings afte... Helio Candido

06:00 AM Bug #8945: SquidGuard ACL blacklists

lahoucine El kamel wrote:
> Hello,
>
> When editing the Squid Guard Proxy Filter I noticed that the settings afte... Charles Melo

01:43 AM Bug #8945: SquidGuard ACL blacklists

Hello,
I have updated Squid and the ACL issue is still there.
When editing the Squid Guard Proxy Filter I noticed... lahoucine El kamel

09/25/2018

01:52 PM Bug #8832 (Feedback): c-icap for Squid 5.1 on 2.4.4 Developer not starting

This should be fixed now. Update the squid package and it should pick up the c-icap update and then work as expected.... Jim Pingle

11:47 AM Bug #8832: c-icap for Squid 5.1 on 2.4.4 Developer not starting

Attached is a patch to fix the c-icap FreeBSD port default config to use the correct current syntax. Jim Pingle

10:39 AM Bug #8832: c-icap for Squid 5.1 on 2.4.4 Developer not starting

The upstream port is _not_ fine. See the file I linked. The FreeBSD port is explicitly adding the ListenAddress direc... Jim Pingle

10:33 AM Bug #8832: c-icap for Squid 5.1 on 2.4.4 Developer not starting

Hi Jim,
the guy from the mailing list is me.
The "Listen" directive was removed from 0.4 to 0.5.
Upstream port... Michael M

08:12 AM Bug #8944 (Duplicate): attemp of installing pfblocker brakes system on 2.4.3

Duplicate of #8938 Jim Pingle

04:47 AM Bug #8944 (Duplicate): attemp of installing pfblocker brakes system on 2.4.3

Any attempt to install pfblocker on clean 2.4.3-p1 breaks system.
Errors during installation:... Constantine Kormashev

07:39 AM Bug #8945: SquidGuard ACL blacklists

The i-cap issue is covered under #8832 Jim Pingle

07:33 AM Bug #8945 (Resolved): SquidGuard ACL blacklists

Hello,
When editing the Squid Guard Proxy Filter I noticed that the settings after saving are not loaded.
Example... lahoucine El kamel

09/24/2018

10:54 PM Bug #8940 (Duplicate): ICAP Inteface for Squid and ClamAV integration - service not starting

Duplicate of #8832 Jim Pingle

10:18 PM Bug #8940 (Duplicate): ICAP Inteface for Squid and ClamAV integration - service not starting

After the upgrade I had a crash report but it seemed to run. But on a new restart of the pcengines APU2 it would not ... Marcel Beerli

08:05 PM Bug #8832: c-icap for Squid 5.1 on 2.4.4 Developer not starting

If the FreeBSD port is wrong, though, it should be fixed upstream. Then we wouldn't need to make any changes.
Some... Jim Pingle

07:17 PM Bug #8832: c-icap for Squid 5.1 on 2.4.4 Developer not starting

Suggested fix: https://github.com/stephenw10/FreeBSD-ports/commit/d21954ad3b4e44e4df6e43e88ac22d589d8cf1b7 Steve Wheeler

07:09 PM Bug #8832: c-icap for Squid 5.1 on 2.4.4 Developer not starting

This is a problem in the FreeBSD c-icap port. The port itself contains a patch that adds the ListenAddress line.
h... Jim Pingle

04:33 PM Bug #8832: c-icap for Squid 5.1 on 2.4.4 Developer not starting

Confirmed the above fix is still functional in 2.4.4r but the default package is still broken.
As a workaround you... Steve Wheeler

03:45 PM Bug #8932: Upgrade to HaProxy 0.59_11 fails on 2.4.3

Ah, I forgot that it automatically probes the "latest stable" repo which automatically points you to 2.4.4/RELENG_2_4... Jim Pingle

03:44 PM Bug #8932: Upgrade to HaProxy 0.59_11 fails on 2.4.3

I can confirm that upgrading to 2.4.4 fixes it, as well as downgrading haproxy to 0.59_9 via: pkg add -f https://file... Florian Apolloner

03:41 PM Bug #8932: Upgrade to HaProxy 0.59_11 fails on 2.4.3

I agree "it shouldnt be". But i'm seeing my 2.4.3 box offer to install haproxy 0.59_11 .. which at least isn't availa... Pi Ba

03:33 PM Bug #8932: Upgrade to HaProxy 0.59_11 fails on 2.4.3

It shouldn't be, they are on different branches (RELENG_2_4_3 vs RELENG_2_4_4), the commit may have been manually che... Jim Pingle

03:17 PM Bug #8932: Upgrade to HaProxy 0.59_11 fails on 2.4.3

It seems like 2.4.3 is automatically pulling in the 2.4.4 repository files..?? Even though the 2.4.3 files still exis... Pi Ba

02:09 PM Bug #8932: Upgrade to HaProxy 0.59_11 fails on 2.4.3

Well it sounds as if https://github.com/pfsense/FreeBSD-ports/pull/555#discussion_r212271252 got into 2.4.3? Florian Apolloner

02:04 PM Bug #8932: Upgrade to HaProxy 0.59_11 fails on 2.4.3

No, each release has its own branch. It's possible that an edit intended to only stay on 2.4.4 was picked back to 2.4... Jim Pingle

02:03 PM Bug #8932: Upgrade to HaProxy 0.59_11 fails on 2.4.3

Are you saying that packages are served from one repo only and will more or less immediately break if a new release o... Florian Apolloner

01:58 PM Bug #8932: Upgrade to HaProxy 0.59_11 fails on 2.4.3

Upgrade to 2.4.4 and try again. Jim Pingle

01:52 PM Bug #8932 (Resolved): Upgrade to HaProxy 0.59_11 fails on 2.4.3

I cannot upgrade to haproxy 0.59_11 because getarraybyref() no longer exists:... Florian Apolloner

09:36 AM Bug #8931 (Feedback): Service Watchdog PHP Errors

Fix committed in Service Watchdog pkg version 1.8.6, which will be up shortly after 2.4.4-RELEASE Jim Pingle

09/23/2018

02:14 PM Bug #8931: Service Watchdog PHP Errors

After hitting that uninstalling I'm unable to re-install:... Steve Wheeler

01:57 PM Bug #8931 (Resolved): Service Watchdog PHP Errors

PHP errors
PHP ERROR: Type: 1, File: /usr/local/pkg/servicewatchdog.inc, Line: 83, Message: Uncaught Error: ... Chris Linstruth