pfSense » pfSense Packages

12/17/2018

01:19 PM Feature #9085: OpenVPN connect/disconnect scripts

The default for pfS is keepalive 10 60 on server side and will be automatically pushed to clients.
Please see "--k... Pippin MMD

12:58 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments

I have made at least a couple of posts on the pfSense IDS/IPS forum about this: _snortrules-snapshot-3000.tar.gz (14... Bill Meeks

12/16/2018

06:38 PM Bug #9204 (Needs Patch): ospfd: GRE tunnels became unnumbered since 2.4.4

I have recently tested an upgrade to 2.4.4_1, from 2.4.3. It is a hub and spoke type setup with GRE over IPSec, ipv4 ... Firstname Surname

05:54 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments

The errors now appear to be due to illegal rules instead of "unknown reference key", with the exception an unknown ru... P L

05:30 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments

My bug report that re-installing Suricata does *not* restore important configuration files to their default settings ... P L

02:12 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments

This issue is still open. If a proposed workaround for this issue didn't fix it doesn't make that a new issue. It's s... Jim Pingle

01:41 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments

Bug report #9202 was closed as a duplicate. However, bug #9202 relates to the failure of re-install options from fix... P L

04:38 PM Bug #9108: OpenVPN client without "explicit-exit-notify" does not trigger client-disconnect portion of /usr/local/sbin/openvpn.attributes.sh

Forgot to mention that I have changed my connect logger line to:... Phil Biggs

04:28 PM Bug #9108: OpenVPN client without "explicit-exit-notify" does not trigger client-disconnect portion of /usr/local/sbin/openvpn.attributes.sh

See my comment under https://redmine.pfsense.org/issues/9085. (Not 9805, sorry.)
I agree that the numbers could b... Phil Biggs

03:33 PM Bug #9108: OpenVPN client without "explicit-exit-notify" does not trigger client-disconnect portion of /usr/local/sbin/openvpn.attributes.sh

See also here:
https://redmine.pfsense.org/issues/9085
Pippin MMD

04:22 PM Feature #9085: OpenVPN connect/disconnect scripts

I think you're correct but I guess I didn't wait long enough for the keepalive timer to expire.
In testing this,... Phil Biggs

02:40 PM Bug #9079: High CPU usage of ntopng even during IDLE and no network traffic

Thanks for the script. Since version 2.4.4-p1 with the new version of ntopng the CPU idle usage did improve:
(weaker... Hannes W.

01:36 PM Bug #9202: Bug #9195 not fixed with Suricata re-install, un-install and fresh install (not keeping settings), or all package re-install

Clearly, this is not the same bug report.
That was a bug with errors occuring with Suricata. This is a bug that t... P L

01:22 PM Bug #9202 (Duplicate): Bug #9195 not fixed with Suricata re-install, un-install and fresh install (not keeping settings), or all package re-install

The other bug report is still open. Add notes there, don't open a new issue for the same problem. Jim Pingle

12:19 PM Bug #9202 (Duplicate): Bug #9195 not fixed with Suricata re-install, un-install and fresh install (not keeping settings), or all package re-install

I have tried System -> Package Manager -> Installed Packages -> Suricata -> clicked Reinstall. Same issue (Bug #9195)... P L

01:24 PM Feature #9201 (Rejected): Mailreport - Add Graph in mails

Anything like that would have to be self-contained on the firewall. Relying on an external/internet-based service is ... Jim Pingle

12/15/2018

12:59 PM Feature #9201 (Rejected): Mailreport - Add Graph in mails

I'am looking for a way to join graphics/charts as image objects (png,gif,jpg,and so on...) in mail reports.
I notice... Joshua Sign

09:24 AM Bug #9079: High CPU usage of ntopng even during IDLE and no network traffic

I use ntop and didn't notice this problem.
Maybe some ntop options can cause more cpu usage...
I use Pfsense 2.4.... Joshua Sign

08:29 AM Bug #9108: OpenVPN client without "explicit-exit-notify" does not trigger client-disconnect portion of /usr/local/sbin/openvpn.attributes.sh

And just for information : OpenVPN client without "explicit-exit-notify" *TRIG* the client-disconnect portion of /usr... Joshua Sign

08:23 AM Bug #9108: OpenVPN client without "explicit-exit-notify" does not trigger client-disconnect portion of /usr/local/sbin/openvpn.attributes.sh

I just test your logger lines, it is really fun to get the result :... Joshua Sign

07:19 AM Bug #9196: mailreport stopped work

Thank You.
I added this commit to my current PR : https://github.com/pfsense/FreeBSD-ports/pull/602/commits/b03293... Joshua Sign

07:00 AM Bug #9196: mailreport stopped work

Hi, Joshua.
Yes, that solved the problem, thanks. Alex Nozdrev

06:19 AM Bug #9196: mailreport stopped work

Hi Alex,
Thank you for your reply.
As we can see in the telnet output you give : your mail server purpose START... Joshua Sign

02:03 AM Bug #9196: mailreport stopped work

Ok.
[2.4.4-RELEASE][root@pfsense.mydomain]/root: telnet 10.1.97.12 25
Trying 10.1.97.12...
Connected to mail.myd... Alex Nozdrev

12/14/2018

11:21 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments

I have tried System -> Package Manager -> Installed Packages -> Suricata -> clicked Reinstall. Same issue.
Will t... P L

07:59 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments

config reference: McAfee http://vil.nai.com/vil/content/v_
I am unable to resolve "vil.nai.com". Problem? P L

07:40 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments

cat /usr/local/etc/suricata/reference.config
config reference: arachNIDS http://www.whitehats.com/info/IDS
con... P L

07:24 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments

I have clicked on Diagnostics -> Backup & Restore -> Backup & Restore -> Package Functions -> Reinstall Packages.
... P L

07:00 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments

On the same page, I use: Snort IPS Policy selection -> Use IPS Policy (checked), Use rules from one of three pre-defi... P L

06:56 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments

I have uninstalled Suricata without preserving settings and re-installed from scratch. I still see these errors. I ... P L

05:48 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments

I have not been able to reproduce this error in any of my testing. I have tested updated an existing Suricata instal... Bill Meeks

09:26 PM Todo #9200: Add DNS support for Google domain to Acme manager

The latest version of the acme.sh script (not the GUI package) has some support but it isn't like the other integrate... Jim Pingle

08:21 PM Todo #9200 (Resolved): Add DNS support for Google domain to Acme manager

Please add DNS support of Acme manager for use with google domains. I'm using their DDNS feature and can't find them... nivlek trahreg

06:20 PM Bug #9196: mailreport stopped work

Alex,
In the "System/Advanced/Notifications/Test SMTP Settings" log there is "ehlo=1 mail=1 rcpt=1 data=1 quit=1 c... Joshua Sign

05:43 PM Bug #9196: mailreport stopped work

The error seems to indicate that it fails to verify peer certificate because unknown CA.
The successfull test is m... Joshua Sign

12:51 PM Bug #9181 (Resolved): Spelling error in gwled package (0.2.4_1)

Corrected the typo:
Commit fd1d1c086c844c32835d26b35cb1a7c1c88927ca
pfSense-pkg-gwled 0.2.4_2 Clinton Cory

12:03 PM Bug #9181 (In Progress): Spelling error in gwled package (0.2.4_1)

Clinton Cory

12/13/2018

11:37 AM Bug #9196: mailreport stopped work

Why then passes the test SMTP? Message from PF (shutdown for example) delivered successfully too. How to solve the pr... Alex Nozdrev

08:27 AM Bug #9196 (Not a Bug): mailreport stopped work

The latest version enabled Automatic TLS for improved security, and your mail server does not appear to have a valid ... Jim Pingle

02:33 AM Bug #9196: mailreport stopped work

System/Advanced/Notifications/Test SMTP Settings
Dec 13 11:22:09 mail postfix/postscreen[8670]: CONNECT from [1... Alex Nozdrev

01:02 AM Bug #9196 (Not a Bug): mailreport stopped work

After the update to version 3.4, the mailreport stopped work.
Dec 13 08:43:19 mail postfix/postscreen[18817]: CONN... Alex Nozdrev

06:31 AM Bug #9194: pfSense-Status_Monitoring - Can't Save default view

Pull request : https://github.com/pfsense/FreeBSD-ports/pull/602 Joshua Sign

01:16 AM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments

I receive the errors on the following versions of pfSense:
2.4.4-RELEASE-p1 (amd64) (Netgate hardware) with Surica... P L

12:27 AM Bug #9195 (Resolved): Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments

I receive a very (very) large number of these kinds of errors in the Suricata logs (and system logs) related to refer... P L

12/12/2018

04:42 PM Bug #9194 (Resolved): pfSense-Status_Monitoring - Can't Save default view

If $_GET['view'] is not set or empty, you cant save the default view.
This is because the view-title hidden input ... Joshua Sign

08:29 AM Feature #9044: Add SoftEther

+1
The throughput on softether vpn is higher than OpenVPN. Kristopher Kolpin

12/11/2018

04:43 PM Bug #9177: FRR 0.2_4 installation broken with pfSense 2.4.4_1

Jim's reasoning turned out correct. A reinstall of 2.4.4, upgrade to p1 and package installation worked 100%.
This s... Chris Bennetts

12/10/2018

12:19 PM Bug #9188 (Resolved): Suricata GUI Package fails to send SIGHUP to the Suricata binary process when truncating/rotating the log files

The log truncation and rotation code in the Suricata GUI package is not sending a SIGHUP to the running Suricata proc... Bill Meeks

12/09/2018

10:56 AM Bug #7437: Mail Report package 3.1 removed support for STARTTLS

In my opinion, it is better to set SMTPAutoTLS to TRUE because :
1 - if both actors (client and server) can use ST... Joshua Sign

10:45 AM Feature #8416: Mailreport - Minute of the Hour

Pull request created : https://github.com/pfsense/FreeBSD-ports/pull/600 Joshua Sign

10:04 AM Feature #8416: Mailreport - Minute of the Hour

I just done the modifications.
I will push them on the github.
But this is my first contribution to a project thr... Joshua Sign

10:44 AM Bug #9185: Mailreport - Cant sending repports if multiple emails addresses in smtpnotifyemailaddress

Pull request created : https://github.com/pfsense/FreeBSD-ports/pull/600 Joshua Sign

09:58 AM Bug #9185: Mailreport - Cant sending repports if multiple emails addresses in smtpnotifyemailaddress

i forget a ) in the code, the good one is :
$addresses = explode(",", $config['notifications']['smtp']['notifyemai... Joshua Sign

09:17 AM Bug #9185 (Resolved): Mailreport - Cant sending repports if multiple emails addresses in smtpnotifyemailaddress

In the field smtpnotifyemailaddress on the system_advanced_notifications.php we can put pultiple mail addresses with ... Joshua Sign

12/08/2018

12:42 PM Feature #6022: Consider MLVPN for bonded VPN

+1 here...
Some countries, like where I am, we don't have a larger uplink DSL than 1MB!
more than 1MB should ha... Michael F

12/07/2018

12:57 PM Bug #9181 (Resolved): Spelling error in gwled package (0.2.4_1)

At Interfaces > Gateway Status LEDs, periodic is misspelled as ... Anonymous

07:13 AM Bug #9177 (Not a Bug): FRR 0.2_4 installation broken with pfSense 2.4.4_1

I can't replicate this on 2.4.4-p1.
Looks like you messed up the package repositories on that box somehow, like ma... Jim Pingle

05:16 AM Bug #9012: Captive Portal authentication in Squid Proxy Server does not work

In */etc/inc/captiportal.inc* (ee /etc/inc/captiveportal.inc)
approximatively line 699 (3128 = proxy port)
####... Jer DIe

03:35 AM Bug #9139: telegraf: add ping for default gateway(s)

Maybe a upgrade to telegraf 1.7 is sufficient to get ping working ?
From 1.7 changelog #4227: Use same flags for all... Torben Hørup

12/06/2018

08:40 PM Bug #9177 (Not a Bug): FRR 0.2_4 installation broken with pfSense 2.4.4_1

The package doesn't like 2.4.4+... Chris Bennetts

03:28 PM Bug #9176 (Closed): Spelling error in Acme package (0.3.2_4)

I fixed the typo but did not bump the package for that minor of a change. The fix will come with whatever update happ... Jim Pingle

03:22 PM Bug #9176 (Closed): Spelling error in Acme package (0.3.2_4)

At Services > Acme Certificates > General settings, under Cron Entry, successful is misspelled as ... Anonymous

08:45 AM Bug #9174 (Resolved): Suricata rulesets in 2.4.4_1

I cannot see rulesets when i create a new interface in Suricata with the Duplicate button from another interface. If ... Stefan Fluir

12/04/2018

10:50 AM Bug #9164: Snort barnyard2 / pfSense 2.4.4-p1 issue

Thanks Jim the pkg install -fy mysql56-client has fixed the issue. Andy Kniveton

09:47 AM Bug #9164: Snort barnyard2 / pfSense 2.4.4-p1 issue

That library is a part of mysql56-client-5.6.41 which is there for 2.4.4-p1. If it isn't pulled in by barnyard2 that'... Jim Pingle

09:39 AM Bug #9164 (Resolved): Snort barnyard2 / pfSense 2.4.4-p1 issue

After updating to 2.4.4-p1 barnyard2 will no longer run as libmysqlclient.so.18 is missing.
Dec 3 16:34:51 php-fpm... Andy Kniveton

12/02/2018

03:25 PM Todo #9158 (Resolved): Updates for Squid 4.x

hi
the version 4 of squid proxy for "production use" are available
and it's seems that provide better support f... mom aiaz

11/29/2018

06:22 AM Feature #9085: OpenVPN connect/disconnect scripts

[quote]I believe that without that option, a client-disconnect script won't be called.[/quote]
After the time-out de... Pippin MMD

11/28/2018

03:43 AM Feature #6226: Add usb_modeswitch to the pfSense package repo

i tried on pfsense 2.4.4 with same huawei model
and it worked fine
khaled osama

03:35 AM Feature #6226 (Feedback): Add usb_modeswitch to the pfSense package repo

Applied in changeset pfsense:commit:1b988ed0e7168ada9e6260274f63fd84b15873a1. Renato Botelho

02:48 AM Feature #6226: Add usb_modeswitch to the pfSense package repo

update for pfsense 2.4.4
run the following command to support pfsense 2.4.4
pkg add http://pkg.freebsd.org/free... khaled osama

11/27/2018

10:24 PM Bug #8761: Port Forwarding Rules Stop Working when HAProxy is Configured

Tj Ng wrote:
> ACat L. Check your HAProxy's advanced settings. Turn off "Transparent ClientIP" and see if NAT works ... Acat L

08:42 PM Bug #8761: Port Forwarding Rules Stop Working when HAProxy is Configured

ACat L. Check your HAProxy's advanced settings. Turn off "Transparent ClientIP" and see if NAT works again.
Captiv... Tj Ng

11/26/2018

07:49 AM Feature #9141: FRR xmlrpc

There is no sync in Quagga or OpenBGPD either.
AFAIR it was done deliberately since in nearly all cases it would b... Jim Pingle

11/22/2018

11:37 AM Bug #9135: Suricata in inline modus blocks some downloads

Bill Meeks wrote:
> This bug needs to be reported upstream to the Suricata team. When you use Inline IPS mode, you ... Rene Hutschreuther

07:24 AM Bug #9143: ntopng not displaying values in historical correctly

I forgot to list versions...
pfSense: ... Ryan Amos

05:06 AM Bug #9142 (Not a Bug): pkg-static for webfonts timeout

Renato Botelho

11/21/2018

01:59 PM Bug #9143 (Closed): ntopng not displaying values in historical correctly

In NTOPNG > Interfaces > Historical it's not displaying traffic values correctly, it seems to cap around 10Mbps.
H... Ryan Amos

01:33 PM Bug #9142: pkg-static for webfonts timeout

This is resolved, turns out the issue with ISP, spoke to 'em and they sorted it.
I'm not sure how to close the tic... Ryan Amos

08:48 AM Bug #9142 (Not a Bug): pkg-static for webfonts timeout

Installing ntopng failed, it threw this error to ... Ryan Amos

08:22 AM Feature #9141 (New): FRR xmlrpc

FRR seems to be missing the option to sync the config viar XLMRPC. Chris Macmahon

06:06 AM Bug #8607 (Resolved): Suricata package fails to prune suricata.log

Renato Botelho

11/20/2018

02:27 AM Bug #9139 (New): telegraf: add ping for default gateway(s)

It would be nice if telegraf plugin could generate config lines for pinging default gateway.
there's a minor issue... Torben Hørup

02:22 AM Bug #9138 (Closed): telegraf: add section for custom config lines

there should be a textarea input for adding extra config lines to telegraf config. Torben Hørup

11/19/2018

04:49 PM Bug #9135: Suricata in inline modus blocks some downloads

This bug needs to be reported upstream to the Suricata team. When you use Inline IPS mode, you are using code straig... Bill Meeks

11/18/2018

11:15 PM Bug #6784: HAProxy version .48 will not use URL Table Alias for front end listener

Quick up.
I just stumbled upon a scenario where having support for URL Table Alias would be helpful or desirable, ... Stéphane Lapie

04:40 PM Bug #9135 (Rejected): Suricata in inline modus blocks some downloads

Suricata in the inline mode blocks some downloads mostly from Subdomains but some downloads it blocked from normal do... Rene Hutschreuther