Project

General

Profile

Activity

From 03/04/2020 to 04/02/2020

04/02/2020

09:50 PM Feature #10415: FreeRADIUS Package: Add option to enter NT or MD5 prehashed passwords in configuration
Link to pull request: https://github.com/pfsense/FreeBSD-ports/pull/822 Implements #10415 Adds prehashed NT-Password ... Tet-Woo Lee
09:19 PM Feature #10415 (Resolved): FreeRADIUS Package: Add option to enter NT or MD5 prehashed passwords in configuration
The FreeRADIUS Package currently provides the option to use 'Cleartext-Password' and only hashing option - 'MD5-Passw... Tet-Woo Lee
03:19 PM Bug #10413 (Pull Request Review): BIND plugins are not copied into chroot
PR: https://github.com/pfsense/FreeBSD-ports/pull/816 Jim Pingle
02:55 PM Bug #10413 (Resolved): BIND plugins are not copied into chroot
BIND 9.13.5 introduced a new plugin system, and the filter-aaaa support was moved to a plugin, so we need to copy the... Scott Dial
03:07 PM Bug #10378: Add IPv6 network to Squid localnet
Fix:
https://github.com/pfsense/FreeBSD-ports/pull/817 Viktor Gurov
01:07 PM Bug #10411: ACME only uses DoH, Broken renewal
Jim Pingle wrote:
> Still seems like acme.sh should handle that more gracefully without relying on such a long timeo... theodore adams
12:44 PM Bug #10411: ACME only uses DoH, Broken renewal
Still seems like acme.sh should handle that more gracefully without relying on such a long timeout, or have an option... Jim Pingle
12:41 PM Bug #10411: ACME only uses DoH, Broken renewal
Thank you for reviewing Jim.
I have been researching further and found closed issues on the acme.sh github:
https... theodore adams
10:36 AM Bug #10411 (Needs Patch): ACME only uses DoH, Broken renewal
That will need to be raised as an issue directly with acme.sh not here. Jim Pingle
10:21 AM Bug #10411 (Needs Patch): ACME only uses DoH, Broken renewal
The issue is described on the forum here:
> https://forum.netgate.com/topic/150984/doh-verification-method
DoH ap... theodore adams
12:25 PM Bug #10379 (Feedback): squid not authenticate LDAP/RADIUS
PR 814 was merged Jim Pingle

04/01/2020

02:21 PM Bug #9347 (Resolved): Domain SAN list displays "Key Algorithm: HMAC-MD5, API Endpoint: portal.nexcess.net"
Jim Pingle
02:17 PM Feature #10403 (Feedback): Add Proxy support to ACME package
This has been implemented in ACME package version 0.6.6
I tested it against a local squid instance and it worked. ... Jim Pingle
09:49 AM Feature #10403 (Resolved): Add Proxy support to ACME package
The ACME package does not utilize the system proxy settings when making outbound queries.
Though there is not spec... Jim Pingle
02:16 PM Bug #10405 (Feedback): Additional instances of ACME Domain SAN list entries with passwords are rendered as checkboxes
This is fixed in ACME package version 0.6.6 Jim Pingle
10:29 AM Bug #10405 (Resolved): Additional instances of ACME Domain SAN list entries with passwords are rendered as checkboxes
When adding more than one Domain SAN list entry to an ACME certificate, password type fields are rendered as checkbox... Jim Pingle
01:33 AM Bug #10379: squid not authenticate LDAP/RADIUS
Ismael Peixoto Azambuja wrote:
> O 71 wrote:
> > Hi Ismael,
> >
> > Can you give me the line write in the squid... O 71

03/31/2020

06:29 PM Bug #10379: squid not authenticate LDAP/RADIUS
O 71 wrote:
> Hi Ismael,
>
> Can you give me the line write in the squid.conf file ?
> If you check or uncheck "... Ismael Peixoto Azambuja
03:43 PM Bug #10379 (Pull Request Review): squid not authenticate LDAP/RADIUS
Jim Pingle
02:53 PM Bug #10379: squid not authenticate LDAP/RADIUS
Fix: https://github.com/pfsense/FreeBSD-ports/pull/814 Viktor Gurov
10:05 AM Bug #10379: squid not authenticate LDAP/RADIUS
I test and it works if I modify the file /usr/local/pkg/squid.inc like this :... O 71
04:37 AM Bug #10379: squid not authenticate LDAP/RADIUS
Hi Ismael,
Can you give me the line write in the squid.conf file ?
If you check or uncheck "LDAP follow referrals... O 71
02:06 AM Bug #10379: squid not authenticate LDAP/RADIUS
available update: 0.4.44_16, here all work perfect now.
do not know who to thank, but thanks for the correction! Ismael Peixoto Azambuja
10:33 AM Bug #10385: Pb with Username authorized characters when OTP is disabled
There is also an issue with being able to user MAC addresses in the FreeRadius username in the XX:XX:XX:XX:XX:XX beca... MILO MEDIN

03/30/2020

05:09 PM Bug #10379: squid not authenticate LDAP/RADIUS
Hello,
I update to 0.4.44_16, I use LDAP Authentification. The password is ok, but it doesn't work correctly with ... O 71
12:45 PM Bug #10379 (Feedback): squid not authenticate LDAP/RADIUS
PR was merged Jim Pingle
02:56 PM Bug #10393 (Pull Request Review): Syslog-ng TLS support is broken
Jim Pingle
02:53 PM Bug #10393 (Resolved): Syslog-ng TLS support is broken
The TLS support currently is broken because the CA certificate file name is not correct. For this reason the clients ... Daniel Fariña
02:35 PM Feature #10297 (Pull Request Review): IPv6 user attributes
Jim Pingle
01:55 PM Bug #10369 (Pull Request Review): Remote OpenVPN server protocol definition
Jim Pingle
11:43 AM Feature #10377: Allow usage of TOTP (Google-Authenticator) without PIN
Since the user enters the PIN alongside the randomly generated OTP code (password=PIN+CODE) I am not seeing how any c... Jim Pingle
11:36 AM Feature #10377: Allow usage of TOTP (Google-Authenticator) without PIN
Thanks for your answers.
I would agree, generally the 4 digit pin + totp makes the system safer.
Here are our t... Andreas Heckmann
10:23 AM Feature #10377: Allow usage of TOTP (Google-Authenticator) without PIN
While the GA script allows omitting the PIN I don't see why you'd want to reduce the security in that way. Part of th... Jim Pingle
04:19 AM Bug #10261: Arpwatch fails to download ethercodes.dat
This is still a issue !!
I have all vendors as unknown.
I fix it and after a while it get broken again.
Us... Tobias Müllauer

03/29/2020

01:36 PM Bug #10379: squid not authenticate LDAP/RADIUS
O 71 wrote:
> I have the same problem after update.
>
> I think the problem comes from the -w parameter. It shoul... Viktor Gurov
08:13 AM Bug #10379: squid not authenticate LDAP/RADIUS
A picture of my test to illustrate O 71
08:06 AM Bug #10379: squid not authenticate LDAP/RADIUS
I have the same problem after update.
I think the problem comes from the -w parameter. It should be done like this... O 71
05:36 AM Bug #10379: squid not authenticate LDAP/RADIUS
Ismael Peixoto Azambuja wrote:
> Hi, i test this fix, but dont work here...
I have successfully tested this PR w... Viktor Gurov

03/28/2020

06:21 PM Bug #10379: squid not authenticate LDAP/RADIUS
Viktor Gurov wrote:
> Local and RADIUS auth works fine
>
> LDAP auth fix:
> https://github.com/pfsense/FreeBSD-p... Ismael Peixoto Azambuja
04:16 AM Bug #10379: squid not authenticate LDAP/RADIUS
Local and RADIUS auth works fine
LDAP auth fix:
https://github.com/pfsense/FreeBSD-ports/pull/811 Viktor Gurov
12:57 AM Bug #10379: squid not authenticate LDAP/RADIUS
I have not found the problem yet, but I did test on an outdated server, 2.4.4p3 squid 0.4.44_8 and everything works p... Ismael Peixoto Azambuja
12:58 PM Bug #10385: Pb with Username authorized characters when OTP is disabled
Hi, thanks for your fast answer.
So I have modifief the file /usr/local/pkg/freeradius.inc, line 3668 and 3669 wit... Olivier GUENET
12:08 PM Bug #10385: Pb with Username authorized characters when OTP is disabled
need to revert back https://github.com/pfsense/FreeBSD-ports/pull/775/
and cherry-pick https://redmine.pfsense.org... Viktor Gurov
11:34 AM Bug #10385 (Resolved): Pb with Username authorized characters when OTP is disabled
Hi,
I have done the update to the 2.4.5 version of pfsense, with the update of the last package of freeradius3.
... Olivier GUENET
12:01 PM Feature #8878 (Resolved): Propagate user's description field into QR code for FreeRADIUS
works as expected on pfSense 2.4.5 with freeradius3 0.15.7_11 Viktor Gurov
12:57 AM Feature #10297: IPv6 user attributes
https://forum.netgate.com/topic/151725/freeradius-ipv6-framed-ip-issue-with-2-4-5:... Viktor Gurov

03/27/2020

09:31 AM Bug #10379: squid not authenticate LDAP/RADIUS
Cache.log
[2.4.4-RELEASE][admin@PFLog01.intra.uergs.rs]/var/squid/logs: cat cache.log
2020/03/27 10:29:52 kid1| S... Ismael Peixoto Azambuja
09:18 AM Bug #10379: squid not authenticate LDAP/RADIUS
Apparently everything is right in the configuration, when I type user and password, in the log appears users. In this... Ismael Peixoto Azambuja
09:07 AM Bug #10379: squid not authenticate LDAP/RADIUS
Ismael Peixoto Azambuja wrote:
> pfsense 2.4.4p3 with all packages updated, using squid with LDAP authentication wa... Viktor Gurov
08:36 AM Bug #10379: squid not authenticate LDAP/RADIUS
seems regression by https://redmine.pfsense.org/issues/9217 Viktor Gurov
05:19 AM Bug #10379 (Resolved): squid not authenticate LDAP/RADIUS
pfsense 2.4.4p3 with all packages updated, using squid with LDAP authentication was working perfectly, server with 2 ... Ismael Peixoto Azambuja
04:40 AM Bug #10367 (Resolved): squid reverse proxy not starting
works as expected on 2.5.0.a.20200326.1148 with squid 0.4.44_15 Viktor Gurov
02:22 AM Bug #10367: squid reverse proxy not starting
tested on 2.4.5 with squid 0.4.44_15
reverse proxy starts successfully Viktor Gurov
03:18 AM Bug #8774 (Resolved): Whitelist ALC type not supported by ssl_bump
tested on 2.4.5 with squid 0.4.44_15
works as expected Viktor Gurov
02:19 AM Bug #10378 (Resolved): Add IPv6 network to Squid localnet
Currently, the “Allow users in the interface” option only adds the IPv4 interface subnet to the list of allowed subne... Viktor Gurov
02:13 AM Bug #8887 (Resolved): Squid Proxy Interface not assignee to IPv6
tested on 2.4.5 with squid 0.4.44_15
now it works as expected Viktor Gurov
02:04 AM Feature #10357 (Resolved): Add Iperf verbose output option
works as expected on 2.4.5 with iperf 3.0.2_4 Viktor Gurov
02:02 AM Feature #9272 (Resolved): Allow multiple IP in ListenIP for Zabbix Agent
works as expected on 2.4.5 with zabbix-agent44 1.0.4_4 Viktor Gurov

03/26/2020

12:57 PM Feature #10377: Allow usage of TOTP (Google-Authenticator) without PIN
Pardon my lack of experience using openvpn, but would this request mean all someone needs is the username? TOTP reall... Ben Cronce
09:10 AM Feature #10377 (New): Allow usage of TOTP (Google-Authenticator) without PIN
Currently it is not possible to create a radius user with TOTP enabled without entering an additional pin.
So to aut... Andreas Heckmann
06:30 AM Feature #9272 (Feedback): Allow multiple IP in ListenIP for Zabbix Agent
Renato Botelho
06:29 AM Bug #10338 (Feedback): FRR OSPF6 Router-ID configuration statement has changed
PR has been merged. Thanks! Renato Botelho
06:29 AM Feature #10357 (Feedback): Add Iperf verbose output option
PR has been merged. Thanks! Renato Botelho
06:24 AM Bug #8774 (Feedback): Whitelist ALC type not supported by ssl_bump
PR has been merged. Thanks! Renato Botelho
06:24 AM Bug #8887 (Feedback): Squid Proxy Interface not assignee to IPv6
PR has been merged. Thanks! Renato Botelho
06:24 AM Bug #10367 (Feedback): squid reverse proxy not starting
PR has been merged. Thanks! Renato Botelho
06:19 AM Bug #8625 (Feedback): PFsense squidGuard faulty URL check
PR has been merged. Thanks! Renato Botelho

03/23/2020

06:06 PM Bug #10370 (New): ntopng Timeseries not send to InfluxDB
When moving timeseries from rrd to influxdb it initial configures the db but does not send data to Influxdb.
Netga... Alex Garcia
02:28 PM Bug #10369: Remote OpenVPN server protocol definition
https://github.com/pfsense/FreeBSD-ports/pull/808 Viktor Gurov
02:25 PM Bug #10369 (Resolved): Remote OpenVPN server protocol definition
An exact definition of the OpenVPN remote server protocol must be present,
Otherwise, it may try to establish a conn... Viktor Gurov

03/22/2020

03:05 PM Bug #8625: PFsense squidGuard faulty URL check
https://github.com/pfsense/FreeBSD-ports/pull/806 Viktor Gurov
01:40 PM Bug #10367: squid reverse proxy not starting
Fix:
https://github.com/pfsense/FreeBSD-ports/pull/805 Viktor Gurov
08:06 AM Bug #10367 (Resolved): squid reverse proxy not starting
FATAL: Bungled /usr/local/etc/squid/squid.conf line 89: http_port Array:80 accel defaultsite=mysite.com vhost
http... Manuel Piovan

03/20/2020

07:45 AM Bug #8887 (Pull Request Review): Squid Proxy Interface not assignee to IPv6
Jim Pingle
06:21 AM Bug #8887: Squid Proxy Interface not assignee to IPv6
Squid IPv6 addresses needs square brackets
Otherwise, you will get:... Viktor Gurov

03/19/2020

03:04 PM Feature #10357 (Pull Request Review): Add Iperf verbose output option
Jim Pingle
01:17 AM Feature #10357: Add Iperf verbose output option
https://github.com/pfsense/FreeBSD-ports/pull/801 Viktor Gurov
01:12 AM Feature #10357 (Resolved): Add Iperf verbose output option
iperf verbose output (-V) shows more detailed information, including TCP MSS, CPU utilization, time and version:
<pr... Viktor Gurov
03:01 PM Feature #10356 (Pull Request Review): Support for additional Notification Support
PR: https://github.com/pfsense/FreeBSD-ports/pull/800 Jim Pingle
02:23 AM Feature #10358 (New): Stage FRR Configuration Changes
Changes made to the configuration on any FRR Component are applied immediate when hitting the save button. If a large... Luki TJ

03/18/2020

08:06 PM Feature #10356 (Resolved): Support for additional Notification Support
Refer to feature #10354 Telegram Notification Support in the main pfsense package.
In order for the service watch... John Kap

03/16/2020

08:06 AM Bug #8774 (Pull Request Review): Whitelist ALC type not supported by ssl_bump
Jim Pingle

03/15/2020

02:02 PM Bug #8774: Whitelist ALC type not supported by ssl_bump
https://github.com/pfsense/FreeBSD-ports/pull/799 Viktor Gurov
10:51 AM Feature #10347 (New): Request to add pull-filter
Since the option --route-nopull is under discussion to be deprecated I would like to propose --pull-filter to be adde... Pippin MMD

03/12/2020

01:33 PM Todo #9200: Add DNS support for Google domain to Acme manager
The question is how is certbot doing it using a plugin called dns-google
It is a python plugin Manvir Randhawa
09:13 AM Bug #10338 (Pull Request Review): FRR OSPF6 Router-ID configuration statement has changed
Jim Pingle

03/11/2020

10:13 PM Todo #9200: Add DNS support for Google domain to Acme manager
Google Domains currently does not have any API that allows DNS records to be managed programmatically, so no ACME cli... Jeremy  99
04:09 PM Bug #10338: FRR OSPF6 Router-ID configuration statement has changed
Only a quick fix so submitted a PR.
https://github.com/pfsense/FreeBSD-ports/pull/798 Ben Hughes
03:51 PM Bug #10338 (Resolved): FRR OSPF6 Router-ID configuration statement has changed
Trying out the latest 2.4.5 RC and I noticed that my ospf6 router-id had reverted to the default of picking the highe... Ben Hughes
06:48 AM Bug #10320 (Feedback): lcdproc Crash report begins
PR has been merged. Thanks! Renato Botelho
01:24 AM Feature #10335 (Resolved): Squid IPv6 transparent mode
Add IPv6 transparent mode feature to Squid
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193568#c2:
Your PF... Viktor Gurov

03/10/2020

11:14 AM Bug #10332 (Closed): PFBlockerNG loading GeoLite2-Country.mmdb
Running pfsense 2.4.5.r.20200305.1800 with pfBlockerNG-devel 2.2.5_29
After downloading GeoLite2-Country.tar.gz, p... John Clark
09:47 AM Bug #10326 (Not a Bug): Snort - Blocked Alert - Show IP but Description loss -> "Alert Description No Longer Available"
Jim Pingle
05:34 AM Bug #10330 (Feedback): BIND zone configuration displays wrong DS resource record with inline DNSSEC signing enabled
Hi everybody
The zone GUI for the BIND DNS server helpfully displays the DS resource records to transfer to the pa... Andreas Grommek

03/09/2020

06:48 PM Bug #10326: Snort - Blocked Alert - Show IP but Description loss -> "Alert Description No Longer Available"
This is not a bug. It's caused by the alert log file getting purged by either getting rotated as part of the periodic... Bill Meeks
12:13 PM Bug #10326 (Not a Bug): Snort - Blocked Alert - Show IP but Description loss -> "Alert Description No Longer Available"
Snort v 3.2.9.10
Package Dependencies:
snort-2.9.15  barnyard2-1.13_1
In the blocked tab show data in the IP C... Diego Leon
10:58 AM Feature #9003 (Feedback): Add 'Copy Running to Saved' option to the raw config
PR has been merged. Thanks! Renato Botelho
10:53 AM Feature #8196 (Feedback): pfSense-pkg-LCDproc: add a shutdown/reboot control menu
PR has been merged. Thanks! Renato Botelho
10:52 AM Feature #8198 (Feedback): pfSense-pkg-LCDproc: Add a link status screen for each interface
PR has been merged. Thanks! Renato Botelho
10:45 AM Feature #8574 (Feedback): Enable AgentX-support in lldpd using GUI
PR has been merged. Thanks! Renato Botelho
10:32 AM Bug #8887 (Feedback): Squid Proxy Interface not assignee to IPv6
PR has been merged on 2.4.5 and 2.5.0. Thanks! Renato Botelho
10:28 AM Feature #10297 (Feedback): IPv6 user attributes
PR has been merged. Thanks! Renato Botelho
10:03 AM Feature #9272 (Pull Request Review): Allow multiple IP in ListenIP for Zabbix Agent
Jim Pingle
04:48 AM Feature #9272: Allow multiple IP in ListenIP for Zabbix Agent
Fix + allow to use :: and ::/1 IPv6 addresses:
https://github.com/pfsense/FreeBSD-ports/pull/791 Viktor Gurov
09:56 AM Bug #10320 (Pull Request Review): lcdproc Crash report begins
Jim Pingle

03/07/2020

05:14 PM Bug #10320: lcdproc Crash report begins
for($i = 0; $i < ($lcdpanel_height - 1) && i < count($traffic); $i++)... Manuel Piovan
05:07 PM Bug #10320: lcdproc Crash report begins
the first crash seem to be related to the last option undere screen, Addresses by traffic
i add this information: WA... Manuel Piovan
05:04 PM Bug #10320: lcdproc Crash report begins
if i stop the service lcdproc i have another crash report for a while, i think LCDd is killed but lcdproc took some t... Manuel Piovan
03:33 PM Bug #10320 (Resolved): lcdproc Crash report begins
Crash report begins. Anonymous machine information:
amd64
12.0-RELEASE-p10
FreeBSD 12.0-RELEASE-p10 ce9563d5729(... Manuel Piovan
12:26 PM Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper
Tenzen Tunkman wrote:
> This issue is still not solved - Inline filtering will break traffic shaping as well as for ... Bill Meeks
08:19 AM Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper
This issue is still not solved - Inline filtering will break traffic shaping as well as for example traffic graph fun... Tenzen Tunkman

03/06/2020

06:05 AM Bug #8729 (Resolved): IPv6 - FRR BGP issue with Redistribute connected networks
tested on 2.5.0.a.20200305.2255 with frr 0.6.4_2
works as expected - address family sections now looks good
 Viktor Gurov
 

Also available in: Atom