Project

General

Profile

Activity

From 03/01/2021 to 03/30/2021

03/30/2021

08:47 PM Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
When you enable Doh/DoT Blocking, you must select atleast one of the lists below. I will add some input validation an... BBcan177 .
04:33 AM Bug #11756 (Feedback): HaProxy does not transfer backend states during reload
When reloading Haproxy (due to config changes for instance) the newly started process does not seem to remember the e... Florian Apolloner

03/29/2021

05:41 PM Bug #11753 (Resolved): Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
Enabling the "DoH/DoT Blocking" option in "Firewall/pfBlockerNG/DNSBL/DNSBL SafeSearch" menu causes pfSense to crash.... Jeff Strand
01:54 PM Regression #11738 (Feedback): SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode
Merged Renato Botelho
08:47 AM Regression #11738 (Pull Request Review): SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode
Jim Pingle
08:53 AM Bug #11746 (Pull Request Review): Second LDAP server configuration misses the ipaNThash control attribute
Jim Pingle
08:52 AM Bug #11745 (Pull Request Review): Incorrect compress options in exported configuration when server is set to refuse compression
Jim Pingle
08:12 AM Feature #11719: ACME - Create script for DNSExit API
Netgate maintains the pfSense package for acme.sh (pfSense GUI, code to setup and invoke acme.sh, etc) but we do not ... Jim Pingle
07:55 AM Feature #10859 (Pull Request Review): Add avahi filtering feature to pfSense
Jim Pingle
05:24 AM Feature #11749 (New): Option to disable NAT rule creation
I'd like to have an option to disable the automatic NAT rule creation of DNSBL.
First I'd like to have full manual... Frank Gouton

03/28/2021

06:51 AM Bug #11746: Second LDAP server configuration misses the ipaNThash control attribute
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/79 Viktor Gurov
06:49 AM Bug #11746 (Resolved): Second LDAP server configuration misses the ipaNThash control attribute
Only the first LDAP server configuration contains the ipaNThash control attribute:
https://github.com/pfsense/FreeBS... Viktor Gurov
04:47 AM Bug #11745: Incorrect compress options in exported configuration when server is set to refuse compression
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/78 Viktor Gurov
04:16 AM Bug #11745 (Resolved): Incorrect compress options in exported configuration when server is set to refuse compression
I create ovpn server. I use it with some options, one of them is "refuse any non-stub compression". Then I use client... Viktor Gurov
12:06 AM Regression #11738: SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/77 Viktor Gurov

03/27/2021

03:39 PM Bug #11742 (Not a Bug): Blocking / Unblocking is not working correctly.
If you turn on blocking for a port via the GUI and then turn the blocking back off. Gui indicates that it is off, but... Ian Mitchell
08:24 AM Regression #11738 (Resolved): SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode
Hello.
We found some strange behavior, after upgrade to this version 1.16.18_17
SG stop filtering our blacklist a... Peter Moreno

03/26/2021

11:43 AM Bug #10187: Insertion of ZERO_WIDTH_SPACE into IPv6 addresses make it impossible to use browser find functionality
If this is waiting for me to submit a patch: it ain't coming. Izaac Falken

03/24/2021

08:37 PM Feature #11719: ACME - Create script for DNSExit API
I must be misinterpreting the Netgate Package docs.
Reading from the page https://docs.netgate.com/pfsense/en/late... Mike McV
04:45 PM Feature #11719 (Rejected): ACME - Create script for DNSExit API
We don't write custom scripts at pfSense. Please open a ticket on ACME project for that Renato Botelho

03/23/2021

09:00 PM Bug #11632: unbound service not restarted on pfBlocker-devel install/reinstall
Duplicate issue:
https://redmine.pfsense.org/issues/11398 BBcan177 .
11:18 AM Feature #10859: Add avahi filtering feature to pfSense
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/76 Viktor Gurov

03/22/2021

10:48 PM Feature #11719 (Rejected): ACME - Create script for DNSExit API
Link to tech docs.
https://www.dnsexit.com/dns/dns-api/
This is out of my wheelhouse so any assistance would be... Mike McV

03/20/2021

07:11 PM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Yuran Yastreb wrote:
> Edgardo Rodriguez wrote:
> > Jim Pingle wrote:
> > > No, but since you compiled it on a dif... Edgardo Rodriguez
11:47 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Edgardo Rodriguez wrote:
> Jim Pingle wrote:
> > No, but since you compiled it on a different system and nobody els... Yuran Yastreb
06:42 PM Bug #11711 (Resolved): New Squid Status Page Non-Functional
Under Services --> Squid --> Status, the page does not load or work on 21.02 of 2.5 of pfSense and pfSense Plus. The... Kris Phillips
11:10 AM Feature #11201 (Resolved): Show iTLD Allow IDN domains
Tested on pfBlockerNG-devel 3.0.0_15 version.
It looks fine, the Total TLD Count is included and works as expecte... Danilo Zrenjanin
10:35 AM Feature #11520 (Resolved): Add 'explicit-exit-notify' option by default
Tested on the latest release.
OpenVPN - Client Export Utility adds explicit-exit-notify in the client configurati... Danilo Zrenjanin

03/19/2021

08:58 PM Bug #11515: node_exporter 0.18.1_1 - Unable to interact or start the service from web ui
I note at least two issues remaining.
First, the config file is in @/usr/local/etc/rc.conf.d/@, but that directory... Joel Holveck
05:10 AM Bug #11204 (Feedback): Fix net-snmp logging to syslog
Merged Viktor Gurov
05:09 AM Bug #10990 (Feedback): net-snmp IPv6 listen address needs to be wrapped in square brackets
Merged Viktor Gurov
05:08 AM Bug #11039 (Resolved): route-map not working if Address Family is enabled.
Viktor Gurov

03/18/2021

07:47 PM Feature #11703 (New): add Krill and Routinator support BGP RPKI
From the perspective of safety and reliability, deploying your own RPKI facilities is the best option, so can these f... yon Liu
07:17 PM Bug #11693: IPv6 static routing fails
!https://i.imgur.com/vm8NKfi.jpg! yon Liu
11:47 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Jim Pingle wrote:
> No, but since you compiled it on a different system and nobody else had replicated it, it's unli... Edgardo Rodriguez
11:39 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
No, but since you compiled it on a different system and nobody else had replicated it, it's unlikely to be related wi... Jim Pingle
11:35 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Jim Pingle wrote:
> We haven't evaluated that patch yet, but it's unlikely to make it into the next release this lat... Edgardo Rodriguez
08:00 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
We haven't evaluated that patch yet, but it's unlikely to make it into the next release this late in the process. If ... Jim Pingle
11:38 AM Bug #11696 (Feedback): SquidGuard Disable "Groups ACL" no work
Merged Viktor Gurov
08:01 AM Bug #11696 (Pull Request Review): SquidGuard Disable "Groups ACL" no work
Jim Pingle
06:57 AM Bug #11696: SquidGuard Disable "Groups ACL" no work
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/75 Viktor Gurov
06:47 AM Bug #11696 (Resolved): SquidGuard Disable "Groups ACL" no work
https://forum.netgate.com/topic/162053/squidguard-disable-groups-acl-no-work-bug:
Pfsense 2.5.0
"Common ACL" is D... Viktor Gurov
07:38 AM Bug #11695 (Feedback): PHP error in the last step of the wizard
Merged Renato Botelho
07:05 AM Bug #11695: PHP error in the last step of the wizard
fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/1 Viktor Gurov
06:06 AM Bug #11695 (Resolved): PHP error in the last step of the wizard
I get the following error message when trying to create a VPN using the AWS wizard:... Viktor Gurov

03/17/2021

08:46 PM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Pippin MMD wrote:
> Asked on #openvpn-devel, this patch should fix this ticket:
> https://patchwork.openvpn.net/pat... Wesley Lucio dos Santos
07:01 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Pippin MMD wrote:
> Asked on #openvpn-devel, this patch should fix this ticket:
> https://patchwork.openvpn.net/pat... Edgardo Rodriguez
06:55 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Asked on #openvpn-devel, this patch should fix this ticket:
https://patchwork.openvpn.net/patch/1550/
It is not r... Pippin MMD
07:38 PM Bug #11693 (Resolved): IPv6 static routing fails
ipv6 static routing rules do not work, when I setup 240e::/20 via wan dhcpv6 interface, but
it still via frr bgp oth... yon Liu

03/16/2021

07:28 PM Feature #11573: Custom Commands
Maybe web terminal is option here you wanted to ask, but pfsense already allow you run commands, not predefined one DRago_Angel [InV@DER]
05:05 PM Bug #11687: Fix download URLs for SecuriteInfo.com
A pull request fixing this bug can be found on "GitHub":https://github.com/pfsense/FreeBSD-ports/pull/1055. Markus *
04:55 PM Bug #11687 (Resolved): Fix download URLs for SecuriteInfo.com
The download URLs for the SecuriteInfo.com databases in the freshclam configuration are missing the SecuriteInfo.com ID. Markus *
04:33 PM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Well, confirmed what I stated before,
*enable_async_push=yes* breaks reconnect process when using server with UDP a... Edgardo Rodriguez
03:29 PM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
I found that, using tcp server mode reconnection works as expected (without needing to set lport 0, or nobind, or any... Edgardo Rodriguez
03:59 PM Bug #11686 (Resolved): FRR generated ACCEPTFILTER permit statement broken
When the ACCEPTFILTER is generated all goes well except the last line which is ip prefix-list ACCEPTFILTER seq 10 per... Robert Sailer
01:54 PM Bug #11680 (Feedback): Saving HAProxy FrontEnd description with umlauts causes configuration restore
PR has been merged. Thanks! Renato Botelho
10:48 AM Bug #11680 (Pull Request Review): Saving HAProxy FrontEnd description with umlauts causes configuration restore
Jim Pingle
04:07 AM Bug #11680: Saving HAProxy FrontEnd description with umlauts causes configuration restore
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1054 Viktor Gurov
12:07 AM Bug #11680: Saving HAProxy FrontEnd description with umlauts causes configuration restore
similar to #10442 Viktor Gurov
12:06 AM Bug #11680 (Resolved): Saving HAProxy FrontEnd description with umlauts causes configuration restore
https://forum.netgate.com/topic/162010/saving-haproxy-config-causes-config-restore:
On pfSense 2.5.0, HAProxy, i t... Viktor Gurov
01:53 PM Bug #11640 (Feedback): Ntopng configuration and data loss when shutting down Redis
PR has been merged. Thanks! Renato Botelho
10:50 AM Bug #11683 (Pull Request Review): Certificate Manager page doesn't show FreeRADIUS used certificates
Jim Pingle
06:26 AM Bug #11683: Certificate Manager page doesn't show FreeRADIUS used certificates
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/74 Viktor Gurov
05:39 AM Bug #11683 (Resolved): Certificate Manager page doesn't show FreeRADIUS used certificates
On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec/Ope... Viktor Gurov
10:49 AM Bug #11682 (Pull Request Review): Certificate Manager page do not show STunnel used certificates
Jim Pingle
05:35 AM Bug #11682: Certificate Manager page do not show STunnel used certificates
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/73 Viktor Gurov
05:33 AM Bug #11682 (Resolved): Certificate Manager page do not show STunnel used certificates
On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec / O... Viktor Gurov
10:15 AM Bug #11366 (Pull Request Review): Arpwatch Cron Notification every 15 minutes
Jim Pingle
02:07 AM Bug #11366: Arpwatch Cron Notification every 15 minutes
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/72 Viktor Gurov
10:13 AM Bug #11681 (Pull Request Review): FRR generates invalid BFD configuration after removing interfaces
Jim Pingle
12:49 AM Bug #11681: FRR generates invalid BFD configuration after removing interfaces
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/71 Viktor Gurov
12:17 AM Bug #11681 (Resolved): FRR generates invalid BFD configuration after removing interfaces
If you create a BFD peer configuration and set the Interface option to a value other than "Default",
and then remove... Viktor Gurov
09:27 AM Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface
I can test whenever this hits the dev snaps. I assume this is incubating in 2.6 devl?
I'm not sure what you can di... Christian McDonald
08:10 AM Bug #11585 (Feedback): WireGuard kernel panic when changing peer port on assigned WireGuard interface
Many wg fixes were cherry-picked from upstream. This must be tested again Renato Botelho
06:13 AM Bug #11610: NET-SNMP is not setting the correct permissions on AgentX
I *think* the issue is somewhere in here */usr/local/pkg/frr.inc*
in the segment as follows:... Yif Swery
05:58 AM Bug #11610: NET-SNMP is not setting the correct permissions on AgentX
Viktor Gurov wrote:
> Unable to reproduce with FRR pkg 1.1.0_8 -
> frr starts successfully with the "Enable agentx"... Yif Swery

03/15/2021

10:29 PM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Jim Pingle wrote:
> If an OpenVPN client reconnects immediately after disconnecting, in certain cases it cannot pass... Edgardo Rodriguez

03/14/2021

07:23 AM Regression #11634: bind hangs when pfsense is reconnecting as an openvpn client to a TUN openvpn server
The problem is maybe not directly related, but I encountered this too, and if you wait 5mn before trying to reconnect... Stéphane BARBARAY
05:23 AM Regression #11634: bind hangs when pfsense is reconnecting as an openvpn client to a TUN openvpn server
Good day! I confirm the problem, I created a ticket, but I was told that this is not an error
https://redmine.pfsens... itfabrica Tech
06:48 AM Feature #10818: UDP Broadcast Relay
This is now a FreeBSD port: https://www.freshports.org/net/udpbroadcastrelay/ Steve Wheeler
12:16 AM Bug #11610 (Feedback): NET-SNMP is not setting the correct permissions on AgentX
Viktor Gurov

03/12/2021

09:32 PM Bug #11366 (New): Arpwatch Cron Notification every 15 minutes
Jim Pingle
07:55 PM Bug #11366: Arpwatch Cron Notification every 15 minutes
Thanks, your fix seems to have done the job, I haven't received any useless emails so far.
Edward Thomas wrote:
... Abdul Khaliq
07:38 PM Bug #11366: Arpwatch Cron Notification every 15 minutes
I found the bug in arpwatch.
The bug is in the file: /usr/local/arpwatch/sendmail_proxy.php
In the statement:
... Edward Thomas
12:49 PM Bug #11465: Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
Updating subject for release notes. Jim Pingle

03/11/2021

02:06 PM Bug #11465: Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:58 PM Bug #11605: Suricata can trigger PHP crash on SG-3100
Tested on [21.02.2 built on Thu Mar 11 09:10:56 EST 2021] with Suriata 4.1.9_5 on a fresh install.
# Enable ETOpen r... Marcos M
09:45 AM Bug #10983: pfBlockerNG not cleaning everything behind it
Just stumbled upon this error message from dhcpd, took a while to figure out I had a virtual IP set on that IP that I... Bug Reporter
02:17 AM Regression #11634: bind hangs when pfsense is reconnecting as an openvpn client to a TUN openvpn server
The problem seems worse than I thought : as soon as you restart an openvpn service, even as a server, or as soon as a... Stéphane BARBARAY

03/10/2021

02:14 PM Bug #11465 (Feedback): Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
PR has been merged. Thanks! Renato Botelho
12:59 PM Bug #11465: Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
When testing, attempt these configurations in order without removing anything unless noted otherwise:
* Create a t... Jim Pingle
01:00 PM Bug #11618 (Feedback): WireGuard using incorrect IPv6 tunnel address prefix length
Cherry-picked to RELENG_2_5_1 Renato Botelho
09:21 AM Bug #11618 (Waiting on Merge): WireGuard using incorrect IPv6 tunnel address prefix length
Jim Pingle
09:20 AM Bug #11618 (Feedback): WireGuard using incorrect IPv6 tunnel address prefix length
Applied in changeset commit:8579d26bfb0dea0386c61008ade222c0ea29aa98. Jim Pingle
09:16 AM Bug #11618: WireGuard using incorrect IPv6 tunnel address prefix length
That's easy enough to reproduce and check:
* Set WG instance tunnel address to include @2001:db8:1:ee71::1/64@ and... Jim Pingle
09:11 AM Bug #11640: Ntopng configuration and data loss when shutting down Redis
Jim Pingle wrote:
> There is also https://github.com/pfsense/FreeBSD-ports/pull/1053 for this -- not sure which way ... Viktor Gurov
08:14 AM Bug #11640: Ntopng configuration and data loss when shutting down Redis
There is also https://github.com/pfsense/FreeBSD-ports/pull/1053 for this -- not sure which way is better in the end. Jim Pingle
07:28 AM Bug #11640 (Pull Request Review): Ntopng configuration and data loss when shutting down Redis
Jim Pingle
06:10 AM Bug #11640: Ntopng configuration and data loss when shutting down Redis
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/70 Viktor Gurov
08:50 AM Bug #11650: FRR configuration broken on restore of manually edited FRR config sections
Jim Pingle wrote:
> Unless you can replicate this without any sections there at all (Remove them, don't leave them t... Andrew Green
08:19 AM Bug #11650: FRR configuration broken on restore of manually edited FRR config sections
Unless you can replicate this without any sections there at all (Remove them, don't leave them there but empty), I'm ... Jim Pingle
06:51 AM Bug #11650 (New): FRR configuration broken on restore of manually edited FRR config sections
SG-3100
21.02-RELEASE-p1 (arm)
built on Mon Feb 22 09:38:52 EST 2021
FRR package version 1.1.0_8
I could not... Andrew Green
08:21 AM Bug #11377: FRR deinstall
That would likely cause more harm in the long run, very few people would ever need to completely purge the configurat... Jim Pingle
06:54 AM Bug #11377: FRR deinstall
Jim Pingle wrote:
> Removing the leftover files is fine but I don't think this package needs the ability to reset/wi... Andrew Green
07:42 AM Bug #11620 (Resolved): OSPF Route Redistribution shows numbers instead of route map names
Jim Pingle
01:41 AM Bug #11620: OSPF Route Redistribution shows numbers instead of route map names
Tested on the latest release. It looks good now. Ticket resolved. Danilo Zrenjanin
07:13 AM Bug #11185 (Feedback): Redis service stopping before NtopNg
merged to 2.5/Plus branch:
https://github.com/pfsense/FreeBSD-ports/commit/892ed4669268ee7392eb3132a5c4179126e8f6dc#... Viktor Gurov

03/09/2021

06:37 PM Bug #11640 (Closed): Ntopng configuration and data loss when shutting down Redis
In addition to monitoring information, ntopng stores configuration/customization performed using the ntopng GUI in th... Denny Page
10:00 AM Bug #11580 (Resolved): FTP client proxy - source and destination bypass limitation
Tested on the latest release. I was able to define an alias in both Proxy Bypass: Source and Proxy Bypass: Destinati... Danilo Zrenjanin
02:16 AM Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Alexis Mestag wrote:
> Viktor Gurov wrote:
> > fix:
> > https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_r... Viktor Gurov
01:54 AM Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Viktor Gurov wrote:
> fix:
> https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/69
If you can pro... Alexis Mestag

03/08/2021

09:02 PM Bug #11637 (Resolved): Preprocs - possible to create two defaults
When creating a new server configuration, if you use the +Aliases button for the Bind-To Address and/or the Ports fie... Max Leighton
01:46 PM Bug #11135: HAproxy OCSP reponse crontab bug
Can this same fix be applied to the regular haproxy package as well as the -devel variant? Christopher Sutcliff
12:31 PM Bug #11582 (Pull Request Review): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Jim Pingle
07:23 AM Bug #11582 (New): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Alexis Mestag wrote:
> Sorry, there are still some issues, even after I successfully applied the patch, using the <c... Viktor Gurov
04:25 AM Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Sorry, there are still some issues, even after I successfully applied the patch, using the ... Alexis Mestag
12:30 PM Bug #11627 (Pull Request Review): rc file is not deleted
Jim Pingle
03:42 AM Bug #11627: rc file is not deleted
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/68 Viktor Gurov
12:30 PM Bug #11628 (Pull Request Review): ftp-proxy error messages in logs
Jim Pingle
02:34 AM Bug #11628: ftp-proxy error messages in logs
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/67 Viktor Gurov
01:04 AM Regression #11634 (Resolved): bind hangs when pfsense is reconnecting as an openvpn client to a TUN openvpn server
I encounter a problem with bind since 2.5.0, it stops responding to queries each time an openvpn disconnection/connec... Stéphane BARBARAY

03/07/2021

11:11 PM Bug #11511 (Resolved): OSPF distribute List always empty
Viktor Gurov
11:11 PM Bug #11517 (Resolved): Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting
Viktor Gurov
04:42 AM Bug #11632 (Duplicate): unbound service not restarted on pfBlocker-devel install/reinstall
SG-3100 running 21.02_1 pfB-devel 3.0.0_15
I noticed on my upgrade from 2.5.4-p1 that unbound wasn't running after... Loh Phat

03/06/2021

07:12 PM Bug #11511: OSPF distribute List always empty
ACLs are shown up in OSPF GUI
fixed Alhusein Zawi

03/05/2021

09:03 PM Bug #11517: Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting
Access list does not accept names with spaces
fixed
Alhusein Zawi
02:18 PM Bug #11614: ACME certificate renewal/creation fails with multiple DNS providers
Right, and there is also no solution yet, but it's all the same problem with multiple (different) credentials.
Dep... Jim Pingle
02:04 PM Bug #11614: ACME certificate renewal/creation fails with multiple DNS providers
Workaround in #8560 does not reliably work for this scenario of the bug. So effectively, there is no workaround. Ben Tyger
08:33 AM Feature #11349 (Feedback): Allow to set minimum TLS version
PR has been merged. Thanks! Renato Botelho
08:33 AM Bug #11582 (Feedback): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
PR has been merged. Thanks! Renato Botelho
08:29 AM Bug #11580 (Feedback): FTP client proxy - source and destination bypass limitation
PR has been merged. Thanks! Renato Botelho
08:26 AM Bug #8827 (Feedback): Squidguard: ACL redirect modes 'redirect' and 'err page' send unresolvable URLs to the client.
PR has been merged. Thanks! Renato Botelho
08:25 AM Bug #11620 (Feedback): OSPF Route Redistribution shows numbers instead of route map names
PR has been merged. Thanks! Renato Botelho
06:31 AM Bug #11628 (Resolved): ftp-proxy error messages in logs
Disabled ftp-proxy package causes errors in log:... Viktor Gurov
06:29 AM Bug #11627 (Resolved): rc file is not deleted
After disabling the arpwatch service, `/usr/local/etc/rc.d/arpwatch.sh` still exists
and you can see errors in log:
... Viktor Gurov
04:52 AM Feature #11405 (Resolved): add RPKI route map in GUI
frr 1.1.0_7 Viktor Gurov
04:51 AM Feature #11405: add RPKI route map in GUI
already there ('Enable BGP RPKI' option)
works as expected:... Viktor Gurov
04:21 AM Feature #11405 (New): add RPKI route map in GUI
"-M rpki" must be added to bgpd daemon command line,
see https://docs.frrouting.org/en/latest/bgp.html#enabling-rpki... Viktor Gurov
02:38 AM Feature #9315: Add Package: dnscrypt-proxy
According to "DNSCrypt Options" at https://nlnetlabs.nl/documentation/unbound/unbound.conf/ it seems the DNScrypt in ... Idar Lund

03/04/2021

11:03 PM Bug #11546 (Resolved): incorrect 'set as-path' command
Viktor Gurov
09:08 PM Bug #11546: incorrect 'set as-path' command
"Set" option is not in options list.
 Alhusein Zawi
09:52 AM Bug #11449 (Resolved): BIND fails during/after upgrade to 21.02/2.50
Renato Botelho
09:16 AM Bug #11449: BIND fails during/after upgrade to 21.02/2.50
It did fix the issue for me. Tchello Mello
08:47 AM Bug #11449: BIND fails during/after upgrade to 21.02/2.50
Is this bug fixed with the new version of the bind package release for pfsense ? Stefan Andersson
09:14 AM Bug #11620 (Pull Request Review): OSPF Route Redistribution shows numbers instead of route map names
Jim Pingle
05:23 AM Bug #11620: OSPF Route Redistribution shows numbers instead of route map names
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/66 Viktor Gurov
05:09 AM Bug #11620 (Resolved): OSPF Route Redistribution shows numbers instead of route map names
Routing using routing protocols has basically been broken to some extent. In my case I'm doing advanced routing with ... Viktor Gurov

03/03/2021

04:17 PM Bug #11618 (Closed): WireGuard using incorrect IPv6 tunnel address prefix length
Example; if I specify a tunnel with address fc00:bbbb:bbbb:bb01::9:xxxx/128, this is how it gets configured:... Reza Arbab
03:39 PM Bug #8827 (Pull Request Review): Squidguard: ACL redirect modes 'redirect' and 'err page' send unresolvable URLs to the client.
Jim Pingle
04:12 AM Bug #8827: Squidguard: ACL redirect modes 'redirect' and 'err page' send unresolvable URLs to the client.
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/65 Viktor Gurov
03:31 PM Feature #11349 (Pull Request Review): Allow to set minimum TLS version
Jim Pingle
12:09 AM Feature #11349: Allow to set minimum TLS version
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/64 Viktor Gurov
01:25 PM Bug #10642 (Duplicate): ACME certificate renewal with DNS-Gandi method fails when using multiple Gandi keys
Same root problem as #8560 Jim Pingle
01:25 PM Bug #11614 (Duplicate): ACME certificate renewal/creation fails with multiple DNS providers
Same root problem as #10642 and #8560 Jim Pingle
09:50 AM Bug #11614 (Duplicate): ACME certificate renewal/creation fails with multiple DNS providers
When trying to issue/renew ACME certificates to multiple different DNS providers with the DNS verification method, th... Ben Tyger
05:29 AM Bug #11610: NET-SNMP is not setting the correct permissions on AgentX
Unable to reproduce with FRR pkg 1.1.0_8 -
frr starts successfully with the "Enable agentx" option:... Viktor Gurov
05:11 AM Bug #11610 (New): NET-SNMP is not setting the correct permissions on AgentX
When we go to FRR -> Global Settings -> (Scroll down to "Modules" and tick the "Enable agentx support for accessing F... Yif Swery

03/02/2021

08:36 PM Bug #11590: pfBlocker Issue when IPv6 is disabled
Fixed in pfBlockerNG-devel v3.0.0_14 BBcan177 .
12:27 PM Bug #11605 (Closed): Suricata can trigger PHP crash on SG-3100
Suricata and SNORT won't start on 21.02p1 SG3100. Appears to be an issue related to PHP see the following post for mo... Justin P
11:19 AM Bug #11449: BIND fails during/after upgrade to 21.02/2.50
Hello everybody,
I became aware of this bug report after finding this forum thread via googling: https://forum.net... Andreas Grommek
10:25 AM Feature #11601: Ability to disable/stop Service Watchdog
There is no need for two separate issues for the same problem. Any work to solve the other issue should stay on that ... Jim Pingle
10:21 AM Feature #11601: Ability to disable/stop Service Watchdog
Jim Pingle wrote:
> Duplicate of #11490
#11490 describes symptoms, this request suggest a solution. Yuri Weinstein
10:15 AM Feature #11601 (Duplicate): Ability to disable/stop Service Watchdog
Duplicate of #11490 Jim Pingle
10:09 AM Feature #11601 (Duplicate): Ability to disable/stop Service Watchdog
Use case: before upgrading a package like pfBlockerNG I remove `pfb_dnsbl`, `pfb_filter` and `unbound` from Service W... Yuri Weinstein
08:11 AM Bug #11543 (Duplicate): SquidGuard 1.16.18_15 - returning wrong page
duplicate of #8827 Viktor Gurov
04:40 AM Bug #11543: SquidGuard 1.16.18_15 - returning wrong page
I can reproduce this issue in SSL/MITM Mode = "Splice Whitelist, Bump Otherwise"
in "Splice All" mode returns the co... Viktor Gurov
05:04 AM Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Alexis Mestag wrote:
> It seems I don't have access to https://gitlab.netgate.com/.
> Is there a way for me to see ... Viktor Gurov
03:40 AM Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
It seems I don't have access to https://gitlab.netgate.com/.
Is there a way for me to see the patch (out of curiosit... Alexis Mestag
04:00 AM Bug #10608 (Feedback): Update squid port to 4.11-p2
Squid version in pfSense 2.5/21.02 is 4.13:... Viktor Gurov
03:58 AM Feature #11060 (Resolved): Block access to consumer Google accounts
works as expected on Squid pkg 0.4.45_3 - it blocks access to google accounts and adds youtube safesearch restrictions Viktor Gurov

03/01/2021

11:20 PM Bug #11591 (Duplicate): Could not install node exporter
duplicate of #11515
See fix in the next node_exporter version:
https://github.com/pfsense/FreeBSD-ports/commit/6e... Viktor Gurov
09:58 PM Bug #11591 (Duplicate): Could not install node exporter
I tried to install node_exporter and whilst the install appeared to complete successfully, I noticed it did not appea... Mark De Souza
10:01 PM Bug #11592 (New): Node exporter can not read system statistics
Each time I curl <ip of router>:9100 I receive the following log error:
level=error ts=2021-03-02T03:55:34.739Z ca... Mark De Souza
09:06 PM Bug #11572: Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.
There are a couple items to iron out in devel, so don't think too long. BBcan177 .
04:02 PM Bug #11572: Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.
Confirmed - created as an IPv6 rule in beta. Just means that all those out there using the "release" version are at r... Dave Tickem
09:01 PM Bug #11590 (Closed): pfBlocker Issue when IPv6 is disabled
I noticed a crash report this morning when I logged into pfsense. I have ipv6 disabled on my pfsense box but it appea... Mark De Souza
06:34 PM Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface
Interestingly enough, I haven't had any panics on my cloud instances hosted on Vultr, though my instances hosted on-p... Christian McDonald
02:24 PM Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface
Parts of the backtrace are similar to #11586 but it's not an exact match. Jim Pingle
02:22 PM Bug #11585 (New): WireGuard kernel panic when changing peer port on assigned WireGuard interface
Jim Pingle
02:22 PM Bug #11585 (Closed): WireGuard kernel panic when changing peer port on assigned WireGuard interface
Jim Pingle
02:19 PM Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface
That does appear to be one we haven't seen yet:... Jim Pingle
02:06 PM Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface
Also hitting this when changing the port on the local wg interface...sometimes. Sometimes changing the port is fine, ... Christian McDonald
01:59 PM Bug #11585 (Closed): WireGuard kernel panic when changing peer port on assigned WireGuard interface
All I did was change the port on peer 0. Christian McDonald
02:47 PM Bug #11582 (Pull Request Review): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Jim Pingle
02:13 PM Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/63 Viktor Gurov
09:25 AM Bug #11582 (Resolved): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Using the XML-RPC Sync feature of the FreeRADIUS package doesn't sync all configuration sections.
For example:
* ... Alexis Mestag
01:36 PM Bug #11580 (Pull Request Review): FTP client proxy - source and destination bypass limitation
Jim Pingle
11:19 AM Bug #11580: FTP client proxy - source and destination bypass limitation
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/62 Viktor Gurov
04:40 AM Bug #11580 (Resolved): FTP client proxy - source and destination bypass limitation
Not able to use alias in Proxy Bypass: Source and Proxy Bypass: Destination.
I tried to manually add to config.xml a... Michal Kubin
10:21 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
adding _nobind_ fixes the problems with viscosity on mac big sur not reconnecting after a disconnect. It continues to... IT Support
07:56 AM Bug #11459 (Feedback): pfBlockerNG doesn't include WireGuard interface in outbound floating rules
PR has been merged. Thanks! Renato Botelho
07:52 AM Feature #11560 (Feedback): add ena(4) to the list of INLINE mode (netmap) supported cards
PR has been merged. Thanks! Renato Botelho
07:51 AM Feature #11533 (Feedback): add ena(4) to the list of INLINE mode (netmap) supported cards
PR has been merged to 2.6.0/21.05 snapshots and will be cherry-picked to stable branches together with last binary up... Renato Botelho
07:48 AM Bug #11546 (Feedback): incorrect 'set as-path' command
PR has been merged. Thanks! Renato Botelho
07:48 AM Bug #11517 (Feedback): Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting
PR has been merged. Thanks! Renato Botelho
07:48 AM Bug #11511 (Feedback): OSPF distribute List always empty
PR has been merged. Thanks! Renato Botelho
07:40 AM Feature #10858 (Feedback): OpenVPN Client silent install
PR has been merged. Thanks! Renato Botelho
07:40 AM Feature #11520 (Feedback): Add 'explicit-exit-notify' option by default
PR has been merged. Thanks! Renato Botelho
07:36 AM Bug #11532 (Feedback): LCDproc service is not disabled
PR has been merged. Thanks! Renato Botelho
07:35 AM Bug #11515 (Feedback): node_exporter 0.18.1_1 - Unable to interact or start the service from web ui
PR has been merged. Thanks! Renato Botelho
03:26 AM Feature #11579 (New): Snort alerts or blocks trigger notifications
I use the default pfSense notifications under System -> Advanced -> Notifications, and I'd love to be able to receive... Offstage Roller
 

Also available in: Atom