Project

General

Profile

Activity

From 03/29/2021 to 04/27/2021

04/27/2021

11:17 AM Todo #11845 (Resolved): Update OpenVPN client export installers to 2.5.2
Jim Pingle
11:12 AM Todo #11845: Update OpenVPN client export installers to 2.5.2
Jim Pingle wrote:
> Need to test that the Windows installer export buttons download a working executable installer w... Viktor Gurov
09:16 AM Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
see:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255206
https://github.com/irino/softflowd/issues/38
 Viktor Gurov
08:32 AM Bug #11756 (Pull Request Review): HaProxy does not transfer backend states during reload
Jim Pingle
05:19 AM Bug #11756: HaProxy does not transfer backend states during reload
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/82 Viktor Gurov
08:28 AM Bug #11847 (Pull Request Review): Filters not applied to PEER Groups
Jim Pingle
02:44 AM Bug #11847: Filters not applied to PEER Groups
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/81 Viktor Gurov
08:01 AM Bug #11853 (Duplicate): softflowd not sending flow data
Duplicate of #10436 Jim Pingle

04/26/2021

10:36 PM Bug #11853 (Duplicate): softflowd not sending flow data
No flows being exported from the firewall (as reported by capture on the firewall) and hence no flows being collected... Nigel Smith
07:53 AM Todo #11845: Update OpenVPN client export installers to 2.5.2
Need to test that the Windows installer export buttons download a working executable installer which installs the exp... Jim Pingle

04/24/2021

06:54 PM Bug #11753 (Resolved): Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
Confirmed pfBlockerNG 3.0.0_16 fixes this issue. There is a form validation that pops up at the top with a message n... Kris Phillips
06:14 PM Bug #11711: New Squid Status Page Non-Functional
Based on the error messages, it would seem it's something with TLS negotiation, which is odd since it works fine with... Kris Phillips
06:13 PM Bug #11711: New Squid Status Page Non-Functional
Status page with squidGuard disabled:
Squid Object Cache: Version 4.13
Build Info:
Service Name: squid
Start Ti... Kris Phillips
06:12 PM Bug #11711: New Squid Status Page Non-Functional
Error message that shows up in the Status page with squidGuard enabled:
HTTP/1.1 503 Service Unavailable
Server: ... Kris Phillips
06:08 PM Bug #11711: New Squid Status Page Non-Functional
Confirmed. You only need to enable squidGuard for the issue to become present. If you have it installed, but disabl... Kris Phillips
05:19 PM Todo #11845: Update OpenVPN client export installers to 2.5.2
21.02.2 reports the following versions while installing OvpnCE in package manager - openvpn-client-export-2.5.2/pfSen... Jordan G

04/23/2021

09:05 PM Bug #11848 (New): Issue with squid cache download speed
I found a strange problem, when testing squid's cache using https://www.internode.on.net/support/tools/speed_test/
T... ageekhere ageekhere
10:01 AM Bug #11847 (Resolved): Filters not applied to PEER Groups
When creating a Peer group and adding an AS/Prefix filter or route map to the peer group, the generated configuration... Grant Gordon

04/22/2021

03:12 PM Todo #11845 (Feedback): Update OpenVPN client export installers to 2.5.2
Done. Available now in OpenVPN client export pkg version 1.6 on Plus 21.02.2 and CE 2.5.1.
Will be in snapshots fo... Jim Pingle
02:31 PM Todo #11845 (Resolved): Update OpenVPN client export installers to 2.5.2
OpenVPN 2.5.2 fixes some bugs and a noteworthy CVE, "CVE-2020-15078":https://community.openvpn.net/openvpn/wiki/CVE-2... Jim Pingle
09:30 AM Bug #11841 (New): FRR access lists default bahavior changed to permit by default
Free Range Routing's Access List behavior in pfSense 2.5.x has changed fundamentally from previous versions, changing... Gavin Owen
08:30 AM Bug #11838 (Needs Patch): FRR ospf6d consumes all available memory+swap after an interface event
In certain cases ospf6d will consume all RAM and swap after an interface event. For me, the easiest way to reproduce ... Jim Pingle
07:08 AM Feature #11837 (New): Increase field length of FRR Networks in Access Lists and Prefix Lists
The field lengths for the network statements within the Free Range Routing package's Access Control List and Prefix-L... Gavin Owen
06:40 AM Bug #11836 (Confirmed): FRR ACCEPTFILTER shows out of order prefix-list
Adding entries to the ACCEPTFILTER prefix-list creates erratic behavior within the FRR running configuration.
Have... Gavin Owen
03:02 AM Bug #11835 (New): FRR OSPF redistributed connected routes disappearing
pfSense/FRR is flushing and repropagating certain OSPF routes unnecessarily, causing outages.
Scenario is two fire... Gavin Owen

04/20/2021

04:07 PM Feature #11827 (New): Please include acme deploy folder/scripts
The acme project includes a @deploy@ folder with several dozen scripts available to the --deploy-hook switch.
pfSe... Pete Holzmann
02:02 PM Feature #11826 (New): Preserve acme SAN Method parameters for new cert creations
In a given environment, it is very likely that SAN Method parameters (eg API Token) will be identical for every SAN c... Pete Holzmann
07:01 AM Bug #11711: New Squid Status Page Non-Functional
it works fine after disabling SquidGuard Viktor Gurov

04/19/2021

06:23 PM Feature #11823 (New): Route handling enhancements
In some cases, we have hundreds of routes from OSPF protocol and we only want to accept few of them in the local rout... Bruno Solal
02:55 PM Bug #11822 (Resolved): Upgrade ClamAV to 0.103.2
To address https://www.tenable.com/plugins/nessus/148516 ClamAV should be upgraded to 0.103.2 Max Leighton
08:27 AM Bug #11817: Enabling Firewall / pfBlockerNG / DNSBL / IPv6 DNSBL blocks radvd from starting
OK, I nuked my pfBLockerNG-devel config as other things were breaking. Please mark this as INVALID as I try again to... Loh Phat
07:31 AM Bug #11817 (Closed): Enabling Firewall / pfBlockerNG / DNSBL / IPv6 DNSBL blocks radvd from starting
Enabling this checkbox adds a line into the radvd.conf file which causes it to choke on startup thus causing IPv6 tra... Loh Phat

04/16/2021

10:37 AM Bug #11392 (Closed): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
Jim Pingle
09:05 AM Bug #6235: Snort sometimes crashes during rule update process (specifically related to VRT .so rule update?)
Thank you for the suggested patch, but I think the rules update logic is going to need additional changes due to the ... Bill Meeks
03:06 AM Bug #6235: Snort sometimes crashes during rule update process (specifically related to VRT .so rule update?)
This issue still is still there. It happened last night to 2 of our PFSense boxes. Snort crashes due to the update pr... Sander Peterse

04/15/2021

09:49 PM Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
fixed.
"bgp network import-check" is shown up in configuration by default.
router bgp 61000
no bgp network i... Alhusein Zawi

04/13/2021

04:10 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
I can confirm that after upgrading our Netgate XG-7100 from 2.4.5p1 to 21.02.1 this issue began.
Neither the OpenV... Jason B

04/12/2021

08:39 PM Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
Same issue for me also. No flows being exported from the firewall as reported by capture on the firewall. Any ideas o... Nigel Smith
12:15 PM Bug #11802 (New): FreeRADIUS sync
freeradius3 0.15.7_30 seems to have changed the XMLRPC Sync behavior in a recent update. This leads to the issue that... Michael Schefczyk
06:49 AM Bug #11491: haproxy-devel v0.62_2 - startup error 'httpchk'
More over now HAproxy 2.0 support alpn h2 on backend and from 2.2 it supported on http-check. Also default server par... DRago_Angel [InV@DER]

04/11/2021

05:17 AM Feature #11798 (Duplicate): HA Sync for FRR config
I'm using two pfSense firewalls in a cluster with CARP.
On both FRR is configured but there is no sync option from ... Robert Sailer

04/10/2021

06:27 PM Bug #11797 (Confirmed): Traffic Totals lost upon reboot when using a ramdisk for /var and /tmp
When using a ramdisk for /var and /tmp, RRD Data and log files are saved from the ramdisk to disk on a regular basis ... John Cornwell
09:21 AM Bug #11637: Preprocs - possible to create two defaults
Tested in 2.6.0, and the original behavior is fixed. The GUI still has a slight issue:
When creating a new server ... Max Leighton

04/09/2021

08:24 PM Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
Resolved in pfBlockerNG v3.0.0_16 BBcan177 .
07:24 AM Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
That's what I fixed yesterday but there isn't a new package yet. Wait for pfSense-pkg-frr version 1.1.0_10. Jim Pingle

04/08/2021

11:44 PM Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
"bgp network import-check" will not be shown up in configuration if I did not enable it once.
if I enabled it it w... Alhusein Zawi
11:18 AM Bug #11392 (Feedback): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
Fixed committed and merged everywhere it is relevant. Jim Pingle
09:44 AM Bug #11392 (In Progress): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
This doesn't add the option when there is no @frrbgpadvanced@ config present, and it should since we want it to be th... Jim Pingle
11:06 AM Bug #11791 (Duplicate): comp-lzo in Client export is still used when Allow Compression set to "Refuse"
Duplicate of #11745 Jim Pingle
10:09 AM Bug #11791 (Duplicate): comp-lzo in Client export is still used when Allow Compression set to "Refuse"
I noticed that the field "Compression" is still being used in client export even when "Refuse any non-stub compressio... chiel chiel
07:20 AM Bug #11637 (Feedback): Preprocs - possible to create two defaults
PR merged on 2.6.0 / 2.5.1. It will be cherry-picked to stable after tests Renato Botelho

04/06/2021

11:45 PM Feature #11749: Option to disable NAT rule creation
I don't want to use the VIP Webservice in general, but the NAT rules are the biggest problem. I can't delete them and... Frank Gouton
07:41 AM Bug #11783 (Not a Bug): /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory
Looks like a settings issue, it's got an entry set to need a web root folder but the value is empty. Jim Pingle
01:53 AM Feature #11784 (New): squidguard auto update blacklist option
Would be nice to have an auto update blacklist option with a drop down menu for none, daily, weekly, fortnightly or m... ageekhere ageekhere

04/05/2021

05:44 PM Bug #11783: /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory
user was admin during setup process so permissions to create a director should not have been an issue. Martin Thygesen
05:44 PM Bug #11783 (Not a Bug): /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory
Tried to setup acme on new firewall instance using old Key & ID from previous installation
Failed to write directory... Martin Thygesen
12:19 PM Bug #11780 (Rejected): Suricata package fails to prune suricata.log
The suricata package does not prune suricata.log. As a result, suricata.log grows without bound eventually resulting ... Kushdeep Chabba
09:20 AM Bug #11766 (Pull Request Review): Certificate no more pointed "in use" by haproxy
Jim Pingle

04/04/2021

10:32 AM Bug #11766: Certificate no more pointed "in use" by haproxy
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1059 Viktor Gurov

04/02/2021

11:58 AM Bug #11637: Preprocs - possible to create two defaults
This problem is corrected by Pull Request 1058 here: https://github.com/pfsense/FreeBSD-ports/pull/1058. This issue ... Bill Meeks

04/01/2021

12:21 PM Bug #11771: Darkstat WebGUI Cannot be accessed when Pfsense is accessed via a DNS name
Nevermind, it's the SSL business. The "Access Darkstat" button tries to use SSL and the browser is complaining and n... Jon V
12:10 PM Bug #11771 (Rejected): Darkstat WebGUI Cannot be accessed when Pfsense is accessed via a DNS name
There must be something wrong in your testing. The firewall can't tell if it's being accessed by IP address or hostna... Jim Pingle
12:01 PM Bug #11771 (Rejected): Darkstat WebGUI Cannot be accessed when Pfsense is accessed via a DNS name
Lets say you have a DNS entry "pfsense-local" the configuration of Darkstat only works when you navigate to 192.168.1... Jon V
12:00 PM Bug #11768 (Pull Request Review): FRR OSPF - Comment field within the ospf interfaces gets longer and longer
Jim Pingle
11:29 AM Bug #11768: FRR OSPF - Comment field within the ospf interfaces gets longer and longer
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/80 Viktor Gurov
08:56 AM Bug #11768 (Resolved): FRR OSPF - Comment field within the ospf interfaces gets longer and longer
The comment field in the assigned ospf interfaces gets longer e.g.
interface ovpns1
description "ospfd: vpn230 D... Robert Sailer
03:54 AM Bug #11766: Certificate no more pointed "in use" by haproxy
Also seeing this - see my comments in linked thread JohnPoz _
03:37 AM Bug #11766 (Resolved): Certificate no more pointed "in use" by haproxy
https://forum.netgate.com/topic/162606/certificate-no-more-pointed-in-use-by-haproxy:
I've seen in version 2.5 that ... Viktor Gurov

03/31/2021

07:58 AM Bug #11763 (New): Traffic graphs refresh issue
Using Windows 10 20H2 and Chrome 89.
If Main page of pfsense is opened with traffic graphs displayed for a while (... Laurent BONNIN
06:52 AM Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
Thanks @BBcan177, that was exactly it. Leave it to us dumb users to break stuff. lol. Jeff Strand
03:39 AM Bug #11756: HaProxy does not transfer backend states during reload
Hi Viktor, I do not think that the ticket you linked is correct. I am specifically talking about the config option "l... Florian Apolloner
03:11 AM Bug #11756: HaProxy does not transfer backend states during reload
fixed in haproxy-devel: #10599 Viktor Gurov

03/30/2021

08:47 PM Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
When you enable Doh/DoT Blocking, you must select atleast one of the lists below. I will add some input validation an... BBcan177 .
04:33 AM Bug #11756 (Feedback): HaProxy does not transfer backend states during reload
When reloading Haproxy (due to config changes for instance) the newly started process does not seem to remember the e... Florian Apolloner

03/29/2021

05:41 PM Bug #11753 (Resolved): Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
Enabling the "DoH/DoT Blocking" option in "Firewall/pfBlockerNG/DNSBL/DNSBL SafeSearch" menu causes pfSense to crash.... Jeff Strand
01:54 PM Regression #11738 (Feedback): SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode
Merged Renato Botelho
08:47 AM Regression #11738 (Pull Request Review): SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode
Jim Pingle
08:53 AM Bug #11746 (Pull Request Review): Second LDAP server configuration misses the ipaNThash control attribute
Jim Pingle
08:52 AM Bug #11745 (Pull Request Review): Incorrect compress options in exported configuration when server is set to refuse compression
Jim Pingle
08:12 AM Feature #11719: ACME - Create script for DNSExit API
Netgate maintains the pfSense package for acme.sh (pfSense GUI, code to setup and invoke acme.sh, etc) but we do not ... Jim Pingle
07:55 AM Feature #10859 (Pull Request Review): Add avahi filtering feature to pfSense
Jim Pingle
05:24 AM Feature #11749 (New): Option to disable NAT rule creation
I'd like to have an option to disable the automatic NAT rule creation of DNSBL.
First I'd like to have full manual... Frank Gouton
 

Also available in: Atom