pfSense » pfSense Packages

08/06/2022

09:18 PM Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected

Setting "Auto" for the algorithm also causes issues. Formerly, it used to error out on "Auto" not being a valid opti... Kris Phillips

08:54 PM Todo #13306: Update NUT to version 2.8.0 to match FreeBSD Packages

The NUT package is in FreshPorts:
https://www.freshports.org/sysutils/nut/
This will be automatically brought in ... Kris Phillips

08:50 PM Feature #13370: Wireguard Dashboard status

Gil Gil wrote in #note-4:
> Ideally, it would be nice to see which Peers are connected, similar to the status of the... Kris Phillips

08:27 AM Bug #12706 (Resolved): pfBlockerNG and unbound does not work after switching /var to RAM disk

Tested:... Danilo Zrenjanin

06:14 AM Bug #13114: BIND calls rndc in rc_stop when named is not running

Any instructions on how to replicate/test this case would be appreciated. Danilo Zrenjanin

06:10 AM Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

It's not a bug, then. The correct syntax must be manually entered in the Custom Options field in the OpenVPN base cli... Danilo Zrenjanin

01:09 AM Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

In origin, the config was imported to 22.01.
With problems:
OpenVPN 2.6_git amd64-portbld-freebsd12.3 [SSL (OpenSSL)... Lev Prokofev

08/05/2022

09:18 PM Feature #12658: Adding prometheus metrics to darkstat

Sorry to keep pestering about this, but I am wondering what else needs to be done to include this?
Thank you. Karim Elatov

02:18 PM Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Which version(s) of the OpenVPN binary are in place on the _clients_ when they have problems / when they do not have ... Jim Pingle

01:46 PM Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Tested on the:... Danilo Zrenjanin

08/04/2022

01:38 PM Bug #13395 (Rejected): pfBlockerNG changes firewall URLs to unparseable

It seems like the Auto creation of the update-urls in Firewall->Aliases->URLs get some addition which should not be t... Per-Arne Hellarvik

08/01/2022

08:02 AM Bug #13380 (Feedback): OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Is this a problem in base or in the OpenVPN client export package? The issue was opened under base (not packages), bu... Jim Pingle

06:47 AM Bug #12683 (Resolved): snort_get_vpns_list() does not include OpenVPN CSO

Tested on 22.05
OpenVPN CSO subnet/IP were successfully added as VPN Addresses into Snort Pass List
I marked th... Azamat Khakimyanov

04:16 AM Bug #11693 (Resolved): IPv6 static routing fails

Tested on 22.05
When I setup FRR static route 240d::/20 via DHCPv6 interface I got correct static route in frr.con... Azamat Khakimyanov

07/31/2022

11:21 AM Bug #11681 (Resolved): FRR generates invalid BFD configuration after removing interfaces

Tested on 22.05
I wasn't able to reproduce this issue. After deleting interface which were chosen for BFD peer, I ... Azamat Khakimyanov

07/30/2022

09:38 PM Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected

I tried to recreate this and got a different error message with the same Phase 1 settings:
Phase 1 Hash Algorithm ... Kris Phillips

09:20 PM Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Can confirm the OpenVPN Export Utility does not specify tcp-client in it's config for clients to use, but instead def... Kris Phillips

07/29/2022

05:49 AM Regression #13002 (Resolved): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change

Tested:... Danilo Zrenjanin

04:39 AM Bug #12869 (Resolved): Bind DNS Package AAAA filtering Broken on new ZFS Installs

Tested:... Danilo Zrenjanin

07/28/2022

05:29 AM Bug #13380 (Not a Bug): OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Find that if the OpenVPN client has the "TCP" option of the remote (--remote host [port] [proto])
Example
@rem... Lev Prokofev

07/26/2022

04:13 PM Bug #12475 (New): OpenVPN Client Export does not show certificate without private key

I'm reopening this. The comments above about the $settings and $cert variable are correct. A symptom of this is that ... Marcos M

04:03 AM Regression #12160 (Resolved): An invalid configuration is generated when choosing TLS as the default protocol

Tested on 22.05 and on 22.09-DEV
There was no problem using TLS as a default protocol for syslog-ng. I was able su... Azamat Khakimyanov

07/25/2022

06:54 AM Bug #12114 (Resolved): syslog-ng only binds to the last specified interface

I can't reproduce this issue on 22.05 and on 22.09-DEV.
After choose several interfaces for Syslog-ng, in 'netstat... Azamat Khakimyanov

01:33 AM Bug #13098 (Resolved): HAProxy Virtual IP broken link under Frontend setup

I was able to reproduce this issue on 21.05_2 (HAproxy 0.61_3) but since then on 22.01/22.05 and on 22.09-DEV "Virtua... Azamat Khakimyanov

07/24/2022

05:18 PM Bug #13360: Not All AS Prefixes are returned by WHOIS

Danilo Zrenjanin wrote in #note-3:
> I recommend trying with the pfBlockerNG-devel. Here is the list I got on the de... Alex Knop

07/23/2022

07:22 PM Bug #12706: pfBlockerNG and unbound does not work after switching /var to RAM disk

unable to recreate in the current dev build 22.09.a.20220722.0600 Jordan G

05:31 PM Feature #13361: Add Zabbix 6.2 (agent and proxy) packages

This is present in FreshPorts.
https://www.freshports.org/net-mgmt/zabbix62-agent/ Kris Phillips

07/22/2022

07:44 AM Bug #13360: Not All AS Prefixes are returned by WHOIS

I recommend trying with the pfBlockerNG-devel. Here is the list I got on the devel version:... Danilo Zrenjanin

05:51 AM Bug #13034 (Resolved): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files

Tested:... Danilo Zrenjanin

07/21/2022

05:57 PM Feature #13370: Wireguard Dashboard status

Ideally, it would be nice to see which Peers are connected, similar to the status of the OpenVPN widget.
This is a s... Gil Gil

07/20/2022

09:09 PM Feature #13370: Wireguard Dashboard status

What detail specifically? Marcos M

08:31 PM Feature #13370 (New): Wireguard Dashboard status

It would be nice if the WireGuard widget would give a little more detail on the Dashboard. Gil Gil

11:20 AM Bug #13368 (Resolved): IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected

The following P1 cipher suite is supported by Windows natively, yet the wizard prevents it:
AES256-GCM | 128 bits ... Marcos M

07/18/2022

08:02 AM Feature #13361 (Resolved): Add Zabbix 6.2 (agent and proxy) packages

New release from zabbix. Please add this new version.
https://www.zabbix.com/rn/rn6.2.0
https://www.freshports.or... Pim Janssen

07:53 AM Feature #12859: Add Zabbix 6.0 LTS (agent and proxy) packages

zabbix proxy 6 is available but i am unable to close the issue. Pim Janssen

07/17/2022

09:34 AM Bug #13360: Not All AS Prefixes are returned by WHOIS

Kris Phillips wrote in #note-1:
> I can confirm that subnet should be part of that ASN. However, I cannot recreate ... Alex Knop

04:45 AM Bug #13343: HAproxy cookie protection syntax needs updated

Hello,
the bug is there if the haproxy package installation dependency is set to use
haproxy22-2.2.22 (no more "rs... Johannes Goldynia

07/16/2022

08:32 PM Bug #13343: HAproxy cookie protection syntax needs updated

Hello,
Is this present on the stable or devel branch? Or both? Kris Phillips

08:21 PM Bug #13360: Not All AS Prefixes are returned by WHOIS

I can confirm that subnet should be part of that ASN. However, I cannot recreate this in pfBlockerNG. Are you runni... Kris Phillips

03:27 PM Bug #13360 (New): Not All AS Prefixes are returned by WHOIS

If you set up a rule to do WHOIS on AS4917, these are the prefixes returned by pfBlockerNG:
• 12.187.160.0/24
•... Alex Knop

12:05 PM Todo #13349 (Pull Request Review): Add note in WireGuard GUI regarding routing behavior for Allowed IPs

https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/254 Marcos M

07/15/2022

02:00 PM Bug #13154: pfBlocker causing excessive CPU load

Michael Novotny wrote in #note-11:
> Interesting... I reinstalled pfBlocker (pfBlockerNG-devel 3.1.0_4) as I was not ... Denny Page

01:08 PM Bug #13154: pfBlocker causing excessive CPU load

Denny Page wrote in #note-10:
> Probably should confirm that the patch applied correctly. Assuming that you are runni... Michael Novotny

12:45 PM Bug #13154: pfBlocker causing excessive CPU load

Michael Novotny wrote in #note-9:
> The high cpu is still occurring with this patch applied and running on 22.05, re... Denny Page

08:17 AM Bug #13154: pfBlocker causing excessive CPU load

The high cpu is still occurring with this patch applied and running on 22.05, reboot, reloading package, etc. As sta... Michael Novotny

07/14/2022

08:42 AM Feature #12748: Suricata blocked page timestamp breakout to it's own sortable column

Thanks so much, Bill! Appreciate your efforts. tasty ratz

08:30 AM Feature #12748: Suricata blocked page timestamp breakout to it's own sortable column

The pull request has been merged to correct this issue and it can be marked "Resolved". Bill Meeks

08:31 AM Bug #12956: suricata fails to use pcre in SID management (e.g. dropsid.conf)

The pull request has been merged to correct this issue and it can be marked "Resolved". Bill Meeks

08:30 AM Bug #13333: PHP error when saving Suricata rulesets

The pull request has been merged to correct this issue and it can be marked "Resolved". Bill Meeks

07/13/2022

06:24 PM Bug #12956: suricata fails to use pcre in SID management (e.g. dropsid.conf)

The logic has been changed back to the original behavior by removing the _preg_quote()_ wrapping of the PCRE keyword ... Bill Meeks

06:22 PM Feature #12748: Suricata blocked page timestamp breakout to it's own sortable column

Sortable columns have been added to the BLOCKS tab in the latest _pfSense-pkg-suricata-6.0.6_ version of the GUI pack... Bill Meeks

06:20 PM Bug #13333: PHP error when saving Suricata rulesets

This issue has been addressed in the new _pfSense-pkg-suricata-6.0.6_ update. Pull request posted here: https://githu... Bill Meeks

07/11/2022

06:49 PM Bug #13354 (New): Tinc VPN causes constant gateway up/down events, packages restarts and filter reloads

The latest pfSense Plus version broke the tinc VPN: When tinc connects it generates an event:... Flole Systems

06:31 PM Regression #13156: pfBlockerNG IP block stats do not work

luc Willems wrote in #note-15:
> found the issue why it was not working for me. the patch above, it was not "clear" ... Adrian Hansraj

07:43 AM Bug #10608 (Closed): Update squid port to 4.11-p2

Jim Pingle

03:59 AM Bug #13209: Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion

Any news on a solution for this issue? Djerk Geurts

07/10/2022

11:18 AM Todo #13349 (Resolved): Add note in WireGuard GUI regarding routing behavior for Allowed IPs

As specified here:
https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/settings.html#wireguard-settings-peer
... Marcos M

04:05 AM Regression #13156: pfBlockerNG IP block stats do not work

found the issue why it was not working for me. the patch above, it was not "clear" for me it had to be ' _<space>_ '... luc Willems

07/09/2022

06:50 PM Bug #10900: /packages/backup/backup.php?a=download&t=backup HTTP 504, or Sends PHP Error Message as ASCII/Text file Named pfsense.bak.tgz

This is very similar to https://redmine.pfsense.org/issues/11098 - testing covered using both "/root" and "/" as back... Jordan G

02:11 PM Bug #10608: Update squid port to 4.11-p2

[22.05-RELEASE][admin@pfSense.home.arpa]/root: pkg info squid
squid-5.4.1
Name : squid
Version ... Alhusein Zawi

10:43 AM Bug #13347: Setting BGP default-originate route map does not prepend the AS path

Side note I quickly tested setting a community using a route map on the default-originate statement and it worked. Se... Chris Linstruth

10:32 AM Bug #13347 (New): Setting BGP default-originate route map does not prepend the AS path

Setting a route-map on the default-originate statement or outbound routes to a BGP peer does not properly prepend the... Chris Linstruth

07/08/2022

05:59 AM Regression #13156: pfBlockerNG IP block stats do not work

same for me
using
pfsense+ V22.05
pfblockerNG-devel V3.1.0_4
basic setup using wizard.
manually edit the pf... luc Willems