pfSense » pfSense Packages

03/13/2022

08:17 PM Feature #9833: ACME: add ability to use custom ACME server

+1 for this as well.
Just started looking into sorting out the self-signed cert and thought there would be a better ... David Kemp

11:46 AM Bug #12912 (Resolved): ACME is failing to fully issue a new certificate

This works again on 0.7_4. Marcos M

03/12/2022

02:55 AM Bug #12898 (Resolved): Update HAProxy Backend to Latest LTS

Installed HAproxy on the:... Danilo Zrenjanin

03/11/2022

06:51 PM Bug #12933 (Resolved): Vulnerability in ClamAV Engine Used by Squid

https://www.tenable.com/plugins/nessus/156698
pfSense CE 2.6 and pfSense Plus 22.01 use ClamAV 0.104.1,1, which is... Kris Phillips

11:42 AM Bug #12924: DNS Resolver WireGuard ACL Inconsistency

Christian McDonald wrote in #note-2:
> Hi Kevin,
>
> I am having a hard time replicating this based on your initi... Kevin Mychal Ong

09:20 AM Bug #12924: DNS Resolver WireGuard ACL Inconsistency

Hi Kevin,
I am having a hard time replicating this based on your initial issue description. Can you please outline... Christian McDonald

11:08 AM Feature #12932 (New): pfblockerng per user whitelist

Have the ability to not have DNS blocking applied to certain IPs. Right now this can be written into Unbound using cu... Mike Moore

03/10/2022

03:42 PM Bug #12623: acme.sh package | DNS-ISPConfig settings

This one fixes the issue: https://github.com/acmesh-official/acme.sh/commit/01ace11293f4cf27f8e761114f48148bbcbad063 Morten Trab

03:05 PM Bug #12623: acme.sh package | DNS-ISPConfig settings

Leaving the Allow Insecure blank, results in a different error:... Morten Trab

02:37 PM Bug #12623: acme.sh package | DNS-ISPConfig settings

I should add, I tested the script and it is placing the correct variables into the environment and the script does se... Jim Pingle

02:32 PM Bug #12623 (New): acme.sh package | DNS-ISPConfig settings

The upstream code still has a problem. If you leave "Allow Insecure" blank now it should at least get past that part,... Jim Pingle

06:35 AM Bug #12623: acme.sh package | DNS-ISPConfig settings

I'm on 0.7_4 now and still see the exact same error - so no, still not fixed Morten Trab

06:45 AM Bug #12917: LoopiaAPI changed

Viktor Gurov wrote in #note-1:
> acme.sh updated to v3.0.2 in #12886
>
> Looks like we need to update acme.sh mon... Jim Pingle

02:07 AM Bug #12917: LoopiaAPI changed

acme.sh updated to v3.0.2 in #12886
Looks like we need to update acme.sh monthly/quarterly. Viktor Gurov

06:10 AM Bug #12928 (Not a Bug): FRR When using vtysh to save the configuration, any changes to the webgui are invalid

This is correct behavior.
The "Raw Config" tab is used for custom configuration:
https://docs.netgate.com/pfsense... Viktor Gurov

05:45 AM Bug #12928 (Not a Bug): FRR When using vtysh to save the configuration, any changes to the webgui are invalid

about FRR，When using vtysh to save the configuration, any changes to the webgui are invalid.
Because there are man... yon Liu

03/09/2022

12:38 PM Bug #12869 (Feedback): Bind DNS Package AAAA filtering Broken on new ZFS Installs

Merged to devel and 22.01/2.6 Viktor Gurov

07:34 AM Bug #12869 (Pull Request Review): Bind DNS Package AAAA filtering Broken on new ZFS Installs

Jim Pingle

07:10 AM Bug #12869 (New): Bind DNS Package AAAA filtering Broken on new ZFS Installs

regression: https://forum.netgate.com/topic/170558/bind-package-9-16_12-reads-from-cf-named-but-changes-in-the-gui-ar... Viktor Gurov

10:59 AM Bug #12924 (New): DNS Resolver WireGuard ACL Inconsistency

Initially, I had two pfsense nodes connected via the WireGuard package. My tunnel network was 10.0.3.0/30 for p2p. I ... Kevin Mychal Ong

10:57 AM Bug #12898: Update HAProxy Backend to Latest LTS

FreeBSD-ports merge:
https://github.com/pfsense/FreeBSD-ports/commit/da9ed529f30212fd826aebc3b7e896fce7a15217 Viktor Gurov

08:05 AM Bug #12898 (Feedback): Update HAProxy Backend to Latest LTS

Applied in changeset pfsense:commit:07fe3d3d60a61621171fbc0a1a5e42c1462fb5ed. Viktor Gurov

03/07/2022

03:51 PM Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service

I faced an issue similar to this with the Snort and Suricata packages some time back. I handled it there by always ch... Bill Meeks

10:02 AM Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service

The base system has no way to scan/inform packages about an interface being removed, it's up to the admin to maintain... Jim Pingle

09:30 AM Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service

Jim Pingle wrote in #note-1:
> PIMD has options to not behave that way.
>
> Sounds like what you really want is t... Pete Holzmann

08:26 AM Bug #12907 (Feedback): PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service

PIMD has options to not behave that way.
Sounds like what you really want is to have PIMD set to "Bind to None" an... Jim Pingle

02:29 PM Feature #12918 (New): pfBlockerNG-devel changes from xmlrpc sync do not take effect immediately

When pfBlockerNG-devel syncs its settings (e.g. custom IPv4 list) to a secondary firewall, the settings on the second... Marcos M

01:54 PM Bug #12917 (Resolved): LoopiaAPI changed

Any users using LoopiaAPI can't issue or renew certificates. This has been fixed upstream at the below link.
https... Christopher Cope

01:34 PM Bug #12916 (New): pfBlockerNG-devel cron job does not trigger xmlrpc sync

Tested on pfSense 2.6.0 and pfBlockerNG-devel 3.1.0_1
pfBlockerNG-devel option "Enable Sync" with "Sync to host(s) d... Marcos M

11:01 AM Bug #12912 (Feedback): ACME is failing to fully issue a new certificate

Fix merged, will be in ACME pkg v 0.7_4.
In the meantime, check the debug option on a certificate and it should wo... Jim Pingle

10:44 AM Bug #12912 (Resolved): ACME is failing to fully issue a new certificate

Creating a new certificate in ACME is not working properly. The GUI output only shows that it generates the private k... Jim Pingle

10:58 AM Bug #12670: ACME package writes credentials to system log

If we try this again as a debug option we must test this better, at a minimum:
* Creating a new account key should... Jim Pingle

10:44 AM Bug #12670 (New): ACME package writes credentials to system log

The debug option added broke several things. It broke the ability to create account keys, and it is breaking new ACME... Jim Pingle

08:28 AM Feature #12909 (New): Convert Suricata GeoIP Lookup feature on ALERTS tab to use local GeoIP2 database

Convert the GeoIP lookup feature available on the ALERTS tab in the Suricata package to use the local GeoIP2 database... Bill Meeks

07:35 AM Bug #12898 (Pull Request Review): Update HAProxy Backend to Latest LTS

They are still putting out 2.2.x releases and it's a smaller and therefore safer jump. If that is OK then after a whi... Jim Pingle

03/06/2022

05:41 PM Feature #9833: ACME: add ability to use custom ACME server

Manny Tew wrote in #note-5:
> + 1 for this as well. This is critical for proper security in a homelab in 2021+ Inval... Manny Tew

05:30 PM Bug #12907 (Feedback): PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service

At this point, pimd is unaware of nonexistent interfaces. This can lead to a kernel panic.
(My case: I removed newly... Pete Holzmann

04:31 AM Feature #11827: Please include acme deploy folder/scripts

+1 for this as well. Note, the certs seem to be stored in a non-standard acme.sh way under /conf/acme, so more work m... Simon Cosyd

01:28 AM Bug #12898: Update HAProxy Backend to Latest LTS

Kris Phillips wrote in #note-2:
> Viktor Gurov wrote in #note-1:
> > HAProxy-devel is already 2.4 (2026-Q2 (LTS))
... Viktor Gurov

03/05/2022

11:47 PM Bug #12844 (Resolved): Invalid title link in the apcupsd package dashboard widget

Viktor Gurov

02:47 PM Bug #12844: Invalid title link in the apcupsd package dashboard widget

Patch works to correct Apcupsd widget link to status page - applied to 22.01 and 22.05.a.20220305.0600 Jordan G

08:35 PM Bug #11530: ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details

Sish Kitane wrote in #note-4:
> I can reproduce this in VMs for both 2.5.2 and 2.6. I don't think the new 5.0 packag... Kris Phillips

08:27 PM Bug #12898: Update HAProxy Backend to Latest LTS

Viktor Gurov wrote in #note-1:
> HAProxy-devel is already 2.4 (2026-Q2 (LTS))
>
> HAProxy-stable update to 2.2 ve... Kris Phillips

01:10 AM Bug #12898: Update HAProxy Backend to Latest LTS

HAProxy-devel is already 2.4 (2026-Q2 (LTS))
HAProxy-stable update to 2.2 version (2025-Q2 (LTS)):
https://gitlab... Viktor Gurov

03/04/2022

01:22 PM Bug #12899 (Resolved): Suricata doesn't honor Pass List

It sometimes blocks the hosts defined in the selected Pass List. No matter whether you used IP subnet or Alias under ... Danilo Zrenjanin

01:19 PM Bug #12898 (Resolved): Update HAProxy Backend to Latest LTS

The version of HAProxy in stable is very old and due to be unsupported at the end of the year. We should really move... Kris Phillips

12:20 PM Todo #12865: RRD Summary improvements

cherry-picked to 22.01/2.6 Viktor Gurov

07:51 AM Todo #12865 (Feedback): RRD Summary improvements

Merged to 2.7/22.05:
https://github.com/pfsense/FreeBSD-ports/commit/fb702643e590f7545cbbaf5bd4e5060f9ab293cc Viktor Gurov

12:20 PM Bug #12869: Bind DNS Package AAAA filtering Broken on new ZFS Installs

cherry-picked to 22.01/2.6 Viktor Gurov

08:04 AM Bug #12869 (Feedback): Bind DNS Package AAAA filtering Broken on new ZFS Installs

Merged to 2.7/22.05:
https://github.com/pfsense/FreeBSD-ports/commit/a6943737bb6b2df2dcc050bd0db5ebf127be2df4 Viktor Gurov

03/03/2022

11:16 PM Bug #12706: pfBlockerNG and unbound does not work after switching /var to RAM disk

This bug causes a delay in boot processing when the ramdisk option is enabled. If the option is disabled, no delay i... Loh Phat

02:29 PM Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists

>Thanks for the contribution! Its appreciated!
Sure thing! This solves a big problem for me :-)
Your revisions ... Charles Hamilton

02:03 PM Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists

Great Thanks.
I have done some limited testing and it seems to be ok.
I made some minor formatting changes in ... BBcan177 .

07:46 AM Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists

Ok, all done! https://github.com/pfsense/FreeBSD-ports/pull/1146 Charles Hamilton

09:01 AM Bug #12891: Trailing space in Acme Account Keys "name" breaks UI functions

Commit: https://github.com/pfsense/FreeBSD-ports/commit/29bab84437fcdde206f205610d341302093fa4f3
Package update is... Jim Pingle

08:47 AM Bug #12891 (Feedback): Trailing space in Acme Account Keys "name" breaks UI functions

Fix merged. Jim Pingle

08:39 AM Bug #12891 (Pull Request Review): Trailing space in Acme Account Keys "name" breaks UI functions

This approach is a more comprehensive fix: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/193
Jim Pingle

08:25 AM Bug #12891 (In Progress): Trailing space in Acme Account Keys "name" breaks UI functions

Jim Pingle

12:50 AM Bug #12891: Trailing space in Acme Account Keys "name" breaks UI functions

fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/192 Viktor Gurov

12:53 AM Feature #11531 (Feedback): Show netmap compatible cards in IPS Mode note

Merged Viktor Gurov

03/02/2022

04:56 PM Bug #12891 (Resolved): Trailing space in Acme Account Keys "name" breaks UI functions

If any ACME account key is entered into the UI with a trailing space in the name, the pfSense UI becomes unable to ha... Karl Fife

02:05 PM Bug #10656 (Closed): Acme letsencrypt doesn't change private key type

Jim Pingle

02:05 PM Feature #11948 (Closed): ACME: Support specifying non-default port for nsupdate DNS validation method

Jim Pingle

02:03 PM Feature #11879 (Feedback): Add support for SSL.com ACME server

The latest version of the ACME package now includes the new CAs.
Jim Pingle

02:02 PM Bug #12623 (Feedback): acme.sh package | DNS-ISPConfig settings

The fix for this is now in the latest ACME package. Please update and test it again to see if it works. Jim Pingle

02:01 PM Todo #12886 (Closed): Update acme.sh from upstream

No problems I can find so far. I picked it back to 22.01/2.6.0 for wider testing. Can tackle new issues as they come. Jim Pingle

08:37 AM Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists

Sure thing! I'll close the other pull request, thanks! Charles Hamilton

06:10 AM Feature #12889 (New): FRR GUI add set ipv6 next-hop global

i need setup this. but frr webgui cant add
https://team-cymru.com/community-services/bogon-reference/bogon-refer... yon Liu

03/01/2022

08:56 PM Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists

Thanks for the PR!
There isn't much development in "pfBlockerNG" as everything is taking place in "pfBlockerNG-devel... BBcan177 .

04:19 PM Todo #12886 (Feedback): Update acme.sh from upstream

Merged to devel and plus-devel for testing in snapshots. If it's OK there, can pick back to 22.01/2.6.0 Jim Pingle

09:58 AM Todo #12886 (Closed): Update acme.sh from upstream

It's been a while since the last upstream sync of acme.sh code and bringing in new providers. Need to sync up the for... Jim Pingle

12:45 PM Bug #12742 (Feedback): freeRADIUS virtual-server-default: modules dailycounter, monthlycounter, noresetcounter, expire_on_login in authorize section prevent virtual server from loading

Thank You!
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/4497706f404be238cdfc41dacc00678ab329e575
http... Viktor Gurov

07:20 AM Bug #12742: freeRADIUS virtual-server-default: modules dailycounter, monthlycounter, noresetcounter, expire_on_login in authorize section prevent virtual server from loading

For future reference:
https://github.com/FreeRADIUS/freeradius-server/blob/master/doc/antora/modules/raddb/pages/m... Jim Pingle

02:42 AM Bug #12844 (Feedback): Invalid title link in the apcupsd package dashboard widget

Merged:
https://github.com/pfsense/FreeBSD-ports/commit/086e17ae29cf61d1c09e88167ae73df7877fcae4 Viktor Gurov

02/28/2022

01:53 PM Feature #12882 (Resolved): Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists

Sometimes it is desirable to tell cURL to use a specific interface when downloading IPv4/IPv6 pass/block lists. For e... Charles Hamilton

02/27/2022

10:47 PM Bug #11530: ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details

I can reproduce this in VMs for both 2.5.2 and 2.6. I don't think the new 5.0 package for ntopng solved this and I th... Sish Kitane

02/25/2022

12:59 PM Bug #12802 (Resolved): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)

Tested on the:... Danilo Zrenjanin

10:49 AM Feature #12246 (Closed): Load a file into patch textarea

Works well, closing. Jim Pingle

07:43 AM Bug #12869 (Pull Request Review): Bind DNS Package AAAA filtering Broken on new ZFS Installs

Jim Pingle

05:52 AM Bug #12869: Bind DNS Package AAAA filtering Broken on new ZFS Installs

https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/188 Viktor Gurov

02/24/2022

10:58 AM Bug #12869: Bind DNS Package AAAA filtering Broken on new ZFS Installs

Thread that discusses this is here
https://forum.netgate.com/topic/169742/bind-dns-package-aaaa-filtering-problem
JohnPoz _

10:06 AM Bug #12869 (Resolved): Bind DNS Package AAAA filtering Broken on new ZFS Installs

Reference this older bug for some background (#10413)
This breaks again in newer installs with zfs file systems du... Dean Weimer

07:34 AM Todo #12865 (Pull Request Review): RRD Summary improvements

Jim Pingle

03:14 AM Todo #12865: RRD Summary improvements

https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/187 Viktor Gurov

03:01 AM Todo #12865 (Resolved): RRD Summary improvements

1) Wrong period, mirror date displayed:... Viktor Gurov

07:18 AM Feature #12860: add mmc-utils package to all images

We already build @mmc-utils@ for Plus and it can be installed manually from the CLI. Trying to build a GUI around it ... Jim Pingle

02/23/2022

05:35 PM Feature #12860: add mmc-utils package to all images

This would be helpful/useful now that ZFS is the new default, and/or for folks who don't realize some packages are "r... Steve Y

04:44 PM Feature #12860 (New): add mmc-utils package to all images

Both Netgate & 3rd party hardware integrators are increasingly using eMMC components.
SATA (& historically SCSI) d... David Burns

11:51 AM Feature #12658: Adding prometheus metrics to darkstat

I see that the package made it to FreeBSD version 13:
https://freebsd.pkgs.org/13/freebsd-amd64/darkstat-3.0.721.p... Karim Elatov

07:11 AM Feature #12859 (Resolved): Add Zabbix 6.0 LTS (agent and proxy) packages

New LTS release from zabbix. Please add this new version.
https://www.zabbix.com/rn/rn6.0.0
Zabbix 3.0 is out of ... Pim Janssen

02/22/2022

07:46 AM Bug #12844 (Pull Request Review): Invalid title link in the apcupsd package dashboard widget

Jim Pingle

02/21/2022

10:40 AM Bug #12845: softflowd wrong vlan tag

similar to #9486 Viktor Gurov

10:13 AM Bug #12845 (New): softflowd wrong vlan tag

When I try to send information about the vlan through IPFIX or Netflow v9, the vlan tag is incorrectly entered in the... Semyon Poklad

03:03 AM Bug #12623: acme.sh package | DNS-ISPConfig settings

Still an issue after updating to Acme 0.6.10_1 Morten Trab

12:11 AM Bug #12844: Invalid title link in the apcupsd package dashboard widget

fix:
https://github.com/pfsense/FreeBSD-ports/pull/1110 Viktor Gurov

12:11 AM Bug #12844 (Resolved): Invalid title link in the apcupsd package dashboard widget

clicking on the widget title results in an error:
https://192.168.1.1/apcupsd.widget.php - 404 not found
Viktor Gurov

02/18/2022

10:47 AM Bug #12822: IPv4 Source ASN format not working

Thanks for the report.
I think the issue is prefixing the input selection with with "AS" or "as".
The ASN list... BBcan177 .

04:09 AM Bug #12822 (Confirmed): IPv4 Source ASN format not working

On the new pfSense release 2.6 / 22.01 pfBlockerNG devel (3.1.0_1), the web page hangs when defining ASN with the cho... Danilo Zrenjanin

10:25 AM Bug #12815 (Resolved): invalid IPv6 ACCEPTFILTER prefix-list

Viktor Gurov

10:18 AM Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list

Will do when/if i need it, for now I consider the issue resolved =) beermount beermount

10:12 AM Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list

beermount beermount wrote in #note-9:
> This patch works for me, mainly because it removes the ipv6 protocol lines. ... Viktor Gurov

10:02 AM Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list

This patch works for me, mainly because it removes the ipv6 protocol lines. The commit does seem to cover if Accept F... beermount beermount

08:27 AM Bug #12815 (Feedback): invalid IPv6 ACCEPTFILTER prefix-list

Merged:
https://github.com/pfsense/FreeBSD-ports/commit/57918af9a19a9bec4ea8ca080f46c16517eeda7a Viktor Gurov

07:48 AM Bug #12815 (Pull Request Review): invalid IPv6 ACCEPTFILTER prefix-list

Jim Pingle

10:08 AM Bug #12820 (Resolved): Global Route Handling should use ipv6 route

Viktor Gurov

09:55 AM Bug #12820: Global Route Handling should use ipv6 route

Verified frr now produces the expected configuration. beermount beermount

08:27 AM Bug #12820 (Feedback): Global Route Handling should use ipv6 route

Merged:
https://github.com/pfsense/FreeBSD-ports/commit/1bc9946a6ceb2430bf28d141fd98f20dd46a979a Viktor Gurov

07:49 AM Bug #12820 (Pull Request Review): Global Route Handling should use ipv6 route

Jim Pingle

02/17/2022

11:58 PM Bug #12820: Global Route Handling should use ipv6 route

fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/185 Viktor Gurov

01:25 PM Bug #12820 (Resolved): Global Route Handling should use ipv6 route

When adding static routes in Global Settings -> Route Handling. IPv6 routes are added with "ip route" I believe this ... beermount beermount

11:43 PM Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list

beermount beermount wrote in #note-5:
> Viktor Gurov wrote in #note-4:
> > Merged:
> > https://github.com/pfsense/... Viktor Gurov

02:01 PM Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list

Viktor Gurov wrote in #note-4:
> Merged:
> https://github.com/pfsense/FreeBSD-ports/commit/a787a92965fb73f4d9625182... beermount beermount

10:00 AM Bug #12815 (Feedback): invalid IPv6 ACCEPTFILTER prefix-list

Merged:
https://github.com/pfsense/FreeBSD-ports/commit/a787a92965fb73f4d9625182238f79cd960b06c2 Viktor Gurov

07:56 AM Bug #12815 (Pull Request Review): invalid IPv6 ACCEPTFILTER prefix-list

Jim Pingle

07:04 AM Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list

fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/182 Viktor Gurov

06:41 AM Bug #12815 (Resolved): invalid IPv6 ACCEPTFILTER prefix-list

frr code does not create correct IPv6 prefix-list for IPv6 ACCEPTFILTER entries and does not have explicit 'permit an... Viktor Gurov

10:01 AM Bug #12818 (Resolved): IP block logging not working

On the new pfSense release 2.6 / 22.01 pfBlockerNG isn't logging.
The developer has released a patch below
https:... Christopher Cope

08:24 AM Bug #12475: OpenVPN Client Export does not show certificate without private key

This change has caused yet another problem with exporting certificates from server_tls_user mode.
Two things I not... Jonathan Herlin

07:56 AM Bug #12814 (Pull Request Review): OpenVPN Client Import does not populate 'remote_cert_tls' option

Jim Pingle

06:01 AM Bug #12814: OpenVPN Client Import does not populate 'remote_cert_tls' option

fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/48 Viktor Gurov

05:50 AM Bug #12814 (Resolved): OpenVPN Client Import does not populate 'remote_cert_tls' option

https://redmine.pfsense.org/issues/11865 introduced 'remote_cert_tls' option,
and if the imported .ovpn file contain... Viktor Gurov

02/16/2022

06:09 PM Feature #12812 (New): Would it be helpful if the FreeBSD net-mgmt/arpwatch port had an option to use mail/dma for mail delivery?

Currently arpwatch under pfsense uses a php script to emulate /usr/sbin/sendmail. If I added a port option to use mai... Craig Leres

09:28 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted

I'm not able to reproduce this either. Can you post some redacted screenshots of your exact configuration? Christian McDonald

08:55 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted

was testing done with multiple WG gateway groups like in aforementioned setup? Just FYI, WG tunnels had monitor IPs t... RED SKULL

08:51 AM Bug #12808 (Feedback): Wireguard Gateways disabled when Wireguard Service is Manually Restarted

Viktor Gurov

08:51 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted

Unable to reproduce -
wireguard gateways works as expected after:
1) Restarting the Wireguard service on the Status... Viktor Gurov

04:46 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted

This issue specifically occurs on PfSense 2.6 CE final release.
Once gateways are manually re-enabled, you can see t... RED SKULL

04:45 AM Bug #12808 (Resolved): Wireguard Gateways disabled when Wireguard Service is Manually Restarted

If the wireguard service is manually restarted at any time after boot, Wireguard gateways are automatically disabled ... RED SKULL

08:32 AM Bug #12802 (Feedback): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)

Merged
fixed in OpenVPN Client Export 1.0 Viktor Gurov

07:21 AM Bug #12802 (Pull Request Review): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)

MR: https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/47 Jim Pingle

12:54 AM Bug #12802: OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)

from man openvpn(5):... Viktor Gurov

06:51 AM Bug #12758 (Resolved): Route Handling Subnet field Input check

Tested on:... Danilo Zrenjanin

02/15/2022

08:15 PM Bug #12802: OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)

Jim Pingle wrote in #note-1:
> Without seeing the configuration you imported it's hard to say what might have happene... cromo cromo

02:43 PM Bug #12802: OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)

If you go to Diagnostics > Backup/Restore on the Config History tab and do a diff on the config entries before/after ... Jim Pingle

01:34 PM Bug #12802 (Resolved): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)

_*Disclaimer: You don't have a "OpenVPN Client Importer" category in your tracker, so I used OpenVPN Client Export*_
... cromo cromo

05:26 PM Todo #12806 (Closed): Update node_exporter to 1.3.1

Sorry if this isn't the right place to ask. I wasn't sure if pfSense published package updates separate from their ba... Logan Marchione

10:48 AM Feature #12718 (Feedback): add igc(4) to the list of INLINE mode (iflib/netmap) supported cards

Merged:
https://github.com/pfsense/FreeBSD-ports/commit/e2470a23ca412103588c3c969d843311e0ef522a Viktor Gurov

10:47 AM Feature #12719 (Feedback): add igc(4) to the list of INLINE mode (iflib/netmap) supported cards

Merged:
https://github.com/pfsense/FreeBSD-ports/commit/eaec5586b141176f90836135899eac5fb95e6013 Viktor Gurov

10:47 AM Bug #12739 (Feedback): Passlist generates invalid Virtual IP subnets

Merged:
https://github.com/pfsense/FreeBSD-ports/commit/fec9c89964c53672bc930479209a8fdb24beeff9 Viktor Gurov

10:47 AM Bug #12683 (Feedback): snort_get_vpns_list() does not include OpenVPN CSO

Merged:
https://github.com/pfsense/FreeBSD-ports/commit/bf49577abfb4dac2d3bd73e0371ded9341ce1b93 Viktor Gurov

03:18 AM Feature #11931 (New): Add support for validating a domain's ownership via Google Cloud Cloud DNS

Viktor Gurov

03:10 AM Feature #11931 (Duplicate): Add support for validating a domain's ownership via Google Cloud Cloud DNS

see also #9200 Viktor Gurov

03:16 AM Todo #9200: Add DNS support for Google domain to Acme manager

Kyle Klouzal wrote in #note-6:
> Google DNS is different from Google Domains. +1 for Google Domain support here..
se... Viktor Gurov

03:10 AM Bug #12799 (Duplicate): Missing ACME DNS Providers

Duplicate of #11931 Viktor Gurov

03:00 AM Feature #12795: Add *.pfsense.org and *.netgate.com to the default DNSBL whitelist

https://github.com/pfsense/FreeBSD-ports/pull/1143 Viktor Gurov

02/14/2022

09:31 PM Bug #12799 (Duplicate): Missing ACME DNS Providers

Looking through the source I noticed there is support for some DNS providers that don't appear in the UI.
For exam... Robert Accettura

10:39 AM Bug #12777 (Feedback): STunnel writes config.xml on each start

Merged to devel:
https://github.com/pfsense/FreeBSD-ports/commit/f27121710f8e501abe88e18bd3d59093b7b8d99b Viktor Gurov

10:39 AM Bug #12772 (Feedback): Syslog-ng writes config.xml on each start

Merged to devel:
https://github.com/pfsense/FreeBSD-ports/commit/b3ed6fd6dfff4033f72b23894f9d700cb21ff08e Viktor Gurov

10:39 AM Bug #12765 (Feedback): AutoConfigBackup should ignore Lightsquid/lightparser cron changes

Merged to devel:
https://github.com/pfsense/FreeBSD-ports/commit/f8656656e3971935fb69f09813574f4aa2fd0537 Viktor Gurov

10:38 AM Bug #12758 (Feedback): Route Handling Subnet field Input check

Merged to devel:
https://github.com/pfsense/FreeBSD-ports/commit/d9e9265677cc33267a889452ef3bd6e8ac5dd960 Viktor Gurov

10:38 AM Bug #11686: FRR generated ACCEPTFILTER permit statement broken

Merged to devel:
https://github.com/pfsense/FreeBSD-ports/commit/220928e87798109137caee263c4cb60338298576 Viktor Gurov

03:07 AM Bug #11686 (Resolved): FRR generated ACCEPTFILTER permit statement broken

Tested on 22.01-RELEASE (built on Mon Feb 07 16:37:59 UTC 2022) with patch applied.
I see correct ACL sequence now... Azamat Khakimyanov

09:37 AM Feature #12795 (Resolved): Add *.pfsense.org and *.netgate.com to the default DNSBL whitelist

To prevent blocking the system update/pkg install if for some reason these domains are in DNSBL feeds Viktor Gurov

09:20 AM Feature #12789: Show expiration date of certificates in the ACME package list

The GUI shows the expiration date in the cert manager but the ACME package always shows the last renewal time which i... Jim Pingle

07:20 AM Bug #11836: FRR ACCEPTFILTER shows out of order prefix-list

It looks to me like, with the patch, the "seq xx" numbering has been corrected so that the "permit any" is always the... Matthew D

06:11 AM Bug #11836 (Assigned): FRR ACCEPTFILTER shows out of order prefix-list

Tested on 22.01-RELEASE (built on Mon Feb 07 16:37:59 UTC 2022) with patch from Bug #11686 applied.
I still see th... Azamat Khakimyanov

02/12/2022

05:14 PM Feature #12789 (Resolved): Show expiration date of certificates in the ACME package list

Acme certificates shows when a cert was issued. It would be far more useful if it displayed when a cert is going to ... adam felson

11:26 AM Bug #12386 (Resolved): ```bgp as-path``` and ```bgp community-list``` are present in configuration even when BGP daemon is not enabled

Tested:... Danilo Zrenjanin

01:57 AM Bug #12670 (Resolved): ACME package writes credentials to system log

Tested against:... Danilo Zrenjanin