pfSense » pfSense Packages

07/31/2022

11:21 AM Bug #11681 (Resolved): FRR generates invalid BFD configuration after removing interfaces

Tested on 22.05
I wasn't able to reproduce this issue. After deleting interface which were chosen for BFD peer, I ... Azamat Khakimyanov

07/30/2022

09:38 PM Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected

I tried to recreate this and got a different error message with the same Phase 1 settings:
Phase 1 Hash Algorithm ... Kris Phillips

09:20 PM Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Can confirm the OpenVPN Export Utility does not specify tcp-client in it's config for clients to use, but instead def... Kris Phillips

07/29/2022

05:49 AM Regression #13002 (Resolved): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change

Tested:... Danilo Zrenjanin

04:39 AM Bug #12869 (Resolved): Bind DNS Package AAAA filtering Broken on new ZFS Installs

Tested:... Danilo Zrenjanin

07/28/2022

05:29 AM Bug #13380 (Not a Bug): OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Find that if the OpenVPN client has the "TCP" option of the remote (--remote host [port] [proto])
Example
@rem... Lev Prokofev

07/26/2022

04:13 PM Bug #12475 (New): OpenVPN Client Export does not show certificate without private key

I'm reopening this. The comments above about the $settings and $cert variable are correct. A symptom of this is that ... Marcos M

04:03 AM Regression #12160 (Resolved): An invalid configuration is generated when choosing TLS as the default protocol

Tested on 22.05 and on 22.09-DEV
There was no problem using TLS as a default protocol for syslog-ng. I was able su... Azamat Khakimyanov

07/25/2022

06:54 AM Bug #12114 (Resolved): syslog-ng only binds to the last specified interface

I can't reproduce this issue on 22.05 and on 22.09-DEV.
After choose several interfaces for Syslog-ng, in 'netstat... Azamat Khakimyanov

01:33 AM Bug #13098 (Resolved): HAProxy Virtual IP broken link under Frontend setup

I was able to reproduce this issue on 21.05_2 (HAproxy 0.61_3) but since then on 22.01/22.05 and on 22.09-DEV "Virtua... Azamat Khakimyanov

07/24/2022

05:18 PM Bug #13360: Not All AS Prefixes are returned by WHOIS

Danilo Zrenjanin wrote in #note-3:
> I recommend trying with the pfBlockerNG-devel. Here is the list I got on the de... Alex Knop

07/23/2022

07:22 PM Bug #12706: pfBlockerNG and unbound does not work after switching /var to RAM disk

unable to recreate in the current dev build 22.09.a.20220722.0600 Jordan G

05:31 PM Feature #13361: Add Zabbix 6.2 (agent and proxy) packages

This is present in FreshPorts.
https://www.freshports.org/net-mgmt/zabbix62-agent/ Kris Phillips

07/22/2022

07:44 AM Bug #13360: Not All AS Prefixes are returned by WHOIS

I recommend trying with the pfBlockerNG-devel. Here is the list I got on the devel version:... Danilo Zrenjanin

05:51 AM Bug #13034 (Resolved): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files

Tested:... Danilo Zrenjanin

07/21/2022

05:57 PM Feature #13370: Wireguard Dashboard status

Ideally, it would be nice to see which Peers are connected, similar to the status of the OpenVPN widget.
This is a s... Gil Gil

07/20/2022

09:09 PM Feature #13370: Wireguard Dashboard status

What detail specifically? Marcos M

08:31 PM Feature #13370 (New): Wireguard Dashboard status

It would be nice if the WireGuard widget would give a little more detail on the Dashboard. Gil Gil

11:20 AM Bug #13368 (Resolved): IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected

The following P1 cipher suite is supported by Windows natively, yet the wizard prevents it:
AES256-GCM | 128 bits ... Marcos M

07/18/2022

08:02 AM Feature #13361 (Resolved): Add Zabbix 6.2 (agent and proxy) packages

New release from zabbix. Please add this new version.
https://www.zabbix.com/rn/rn6.2.0
https://www.freshports.or... Pim Janssen

07:53 AM Feature #12859: Add Zabbix 6.0 LTS (agent and proxy) packages

zabbix proxy 6 is available but i am unable to close the issue. Pim Janssen

07/17/2022

09:34 AM Bug #13360: Not All AS Prefixes are returned by WHOIS

Kris Phillips wrote in #note-1:
> I can confirm that subnet should be part of that ASN. However, I cannot recreate ... Alex Knop

04:45 AM Bug #13343: HAproxy cookie protection syntax needs updated

Hello,
the bug is there if the haproxy package installation dependency is set to use
haproxy22-2.2.22 (no more "rs... Johannes Goldynia

07/16/2022

08:32 PM Bug #13343: HAproxy cookie protection syntax needs updated

Hello,
Is this present on the stable or devel branch? Or both? Kris Phillips

08:21 PM Bug #13360: Not All AS Prefixes are returned by WHOIS

I can confirm that subnet should be part of that ASN. However, I cannot recreate this in pfBlockerNG. Are you runni... Kris Phillips

03:27 PM Bug #13360 (New): Not All AS Prefixes are returned by WHOIS

If you set up a rule to do WHOIS on AS4917, these are the prefixes returned by pfBlockerNG:
• 12.187.160.0/24
•... Alex Knop

12:05 PM Todo #13349 (Pull Request Review): Add note in WireGuard GUI regarding routing behavior for Allowed IPs

https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/254 Marcos M

07/15/2022

02:00 PM Bug #13154: pfBlocker causing excessive CPU load

Michael Novotny wrote in #note-11:
> Interesting... I reinstalled pfBlocker (pfBlockerNG-devel 3.1.0_4) as I was not ... Denny Page

01:08 PM Bug #13154: pfBlocker causing excessive CPU load

Denny Page wrote in #note-10:
> Probably should confirm that the patch applied correctly. Assuming that you are runni... Michael Novotny

12:45 PM Bug #13154: pfBlocker causing excessive CPU load

Michael Novotny wrote in #note-9:
> The high cpu is still occurring with this patch applied and running on 22.05, re... Denny Page

08:17 AM Bug #13154: pfBlocker causing excessive CPU load

The high cpu is still occurring with this patch applied and running on 22.05, reboot, reloading package, etc. As sta... Michael Novotny

07/14/2022

08:42 AM Feature #12748: Suricata blocked page timestamp breakout to it's own sortable column

Thanks so much, Bill! Appreciate your efforts. tasty ratz

08:30 AM Feature #12748: Suricata blocked page timestamp breakout to it's own sortable column

The pull request has been merged to correct this issue and it can be marked "Resolved". Bill Meeks

08:31 AM Bug #12956: suricata fails to use pcre in SID management (e.g. dropsid.conf)

The pull request has been merged to correct this issue and it can be marked "Resolved". Bill Meeks

08:30 AM Bug #13333: PHP error when saving Suricata rulesets

The pull request has been merged to correct this issue and it can be marked "Resolved". Bill Meeks

07/13/2022

06:24 PM Bug #12956: suricata fails to use pcre in SID management (e.g. dropsid.conf)

The logic has been changed back to the original behavior by removing the _preg_quote()_ wrapping of the PCRE keyword ... Bill Meeks

06:22 PM Feature #12748: Suricata blocked page timestamp breakout to it's own sortable column

Sortable columns have been added to the BLOCKS tab in the latest _pfSense-pkg-suricata-6.0.6_ version of the GUI pack... Bill Meeks

06:20 PM Bug #13333: PHP error when saving Suricata rulesets

This issue has been addressed in the new _pfSense-pkg-suricata-6.0.6_ update. Pull request posted here: https://githu... Bill Meeks

07/11/2022

06:49 PM Bug #13354 (New): Tinc VPN causes constant gateway up/down events, packages restarts and filter reloads

The latest pfSense Plus version broke the tinc VPN: When tinc connects it generates an event:... Flole Systems

06:31 PM Regression #13156: pfBlockerNG IP block stats do not work

luc Willems wrote in #note-15:
> found the issue why it was not working for me. the patch above, it was not "clear" ... Adrian Hansraj

07:43 AM Bug #10608 (Closed): Update squid port to 4.11-p2

Jim Pingle

03:59 AM Bug #13209: Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion

Any news on a solution for this issue? Djerk Geurts

07/10/2022

11:18 AM Todo #13349 (Resolved): Add note in WireGuard GUI regarding routing behavior for Allowed IPs

As specified here:
https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/settings.html#wireguard-settings-peer
... Marcos M

04:05 AM Regression #13156: pfBlockerNG IP block stats do not work

found the issue why it was not working for me. the patch above, it was not "clear" for me it had to be ' _<space>_ '... luc Willems

07/09/2022

06:50 PM Bug #10900: /packages/backup/backup.php?a=download&t=backup HTTP 504, or Sends PHP Error Message as ASCII/Text file Named pfsense.bak.tgz

This is very similar to https://redmine.pfsense.org/issues/11098 - testing covered using both "/root" and "/" as back... Jordan G

02:11 PM Bug #10608: Update squid port to 4.11-p2

[22.05-RELEASE][admin@pfSense.home.arpa]/root: pkg info squid
squid-5.4.1
Name : squid
Version ... Alhusein Zawi

10:43 AM Bug #13347: Setting BGP default-originate route map does not prepend the AS path

Side note I quickly tested setting a community using a route map on the default-originate statement and it worked. Se... Chris Linstruth

10:32 AM Bug #13347 (New): Setting BGP default-originate route map does not prepend the AS path

Setting a route-map on the default-originate statement or outbound routes to a BGP peer does not properly prepend the... Chris Linstruth

07/08/2022

05:59 AM Regression #13156: pfBlockerNG IP block stats do not work

same for me
using
pfsense+ V22.05
pfblockerNG-devel V3.1.0_4
basic setup using wizard.
manually edit the pf... luc Willems

07/06/2022

11:03 AM Bug #13343 (Resolved): HAproxy cookie protection syntax needs updated

A bug has been found after UPdate to pfSense plus 22.05: the generated code by HaProxy-GUI... Johannes Goldynia

07/05/2022

01:46 PM Bug #13332: HAProxy Broken after v22.05 and HAProxy v0.61_3

Johannes Goldynia
Please open a new bug report for the HSTS / Cookie protection issue. Marcos M

07:59 AM Bug #13332 (Rejected): HAProxy Broken after v22.05 and HAProxy v0.61_3

There is no way the package can possibly track and warn about custom configuration directives. By definition it does ... Jim Pingle

08:09 AM Bug #13336 (Rejected): BGP packets not being sent to OpenVPN cloud connections

This is almost certainly a configuration problem with your OpenVPN setup and/or FRR settings. This site is not for su... Jim Pingle

08:07 AM Bug #13328 (Not a Bug): Wireguard Site-to-Site broken after upgrade to 22.05

This is unlikely to be a bug, but something in your configuration or environment. It's working for many others in sim... Jim Pingle

07/04/2022

08:14 PM Bug #13336 (Rejected): BGP packets not being sent to OpenVPN cloud connections

Scenario:
OpenVPN cloud is utilized to connect two pfsense routers behind CGNAT to allow for site to site connectivi... Devan Bhagat

11:04 AM Bug #11098 (Resolved): Backup Files and Directories plugin crashes firewall if /root specified as backup location

I'll close this given that the original issue (crash) no longer happens. There's still the issue of the package locki... Marcos M

10:32 AM Bug #13333: PHP error when saving Suricata rulesets

Marcos Mendoza wrote in #note-2:
> It happened a while ago as you can tell from the timestamp, unfortunately I don't... Bill Meeks

07/03/2022

11:35 PM Bug #11098: Backup Files and Directories plugin crashes firewall if /root specified as backup location

my apologies, I did misunderstand the initial report
in case of specifying "/root/" as path, the backup button produ... Jordan G

06:42 PM Bug #13333: PHP error when saving Suricata rulesets

It happened a while ago as you can tell from the timestamp, unfortunately I don't remember the exact details to repro... Marcos M

04:14 PM Bug #13333: PHP error when saving Suricata rulesets

Can you add a little more detail for this statement: " _This was triggered when existing rules were auto-enabled by ... Bill Meeks

12:59 PM Bug #13333 (Resolved): PHP error when saving Suricata rulesets

In some cases, @$enabled_rulesets_array@ in @suricata_rulesets.php@ may not be an array which results in the followin... Marcos M

12:20 PM Bug #13332: HAProxy Broken after v22.05 and HAProxy v0.61_3

Hello,
updating the pass-trough rules to... Johannes Goldynia

02:58 AM Bug #13328: Wireguard Site-to-Site broken after upgrade to 22.05

After reading through here, I think this might be related to this
https://redmine.pfsense.org/issues/12808
I never h... Sebastian Schmid

07/02/2022

11:34 PM Bug #13332 (Rejected): HAProxy Broken after v22.05 and HAProxy v0.61_3

If you are using HAProxy deprecated rspidel directive on your frontends or the option option httpchk on backends, HAP... Rick Strangman

08:41 PM Bug #11098: Backup Files and Directories plugin crashes firewall if /root specified as backup location

Jordan Greene wrote in #note-11:
> attempted creation of backup for "/" - after creating the entry and using the back... Kris Phillips

05:14 PM Bug #11098: Backup Files and Directories plugin crashes firewall if /root specified as backup location

attempted creation of backup for "/" - after creating the entry and using the backup button, I'm eventually given 504... Jordan G

10:58 AM Regression #13156: pfBlockerNG IP block stats do not work

This fix doesn't work for me, I still can't get any logging of IP blocks, even though the dashboard counter shows it ... Adrian Hansraj

04:02 AM Bug #13328 (Not a Bug): Wireguard Site-to-Site broken after upgrade to 22.05

Hi,
I upgraded from 22.01 to 22.05. Everything went fine.
Plus home license on virtualized system
On Upgrade the... Sebastian Schmid