pfSense » pfSense Packages

08/13/2022

06:43 PM Bug #13404: LDAP authentication does not working

Hello,
The virtual-server-default config file is generated from the webConfigurator in freeRADIUS. You shouldn't ... Kris Phillips

06:31 PM Bug #13409 (Confirmed): Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only

Confirmed on 22.05. Pressing the button does nothing in HTTP mode. Switches back to HTTPS and it functioned as expe... Kris Phillips

06:28 PM Bug #13410: ClamAV 0.104.2 is subject to several vulnerabilies

The latest is on Freshports. We should probably bump the pfSense squid package up a version and pull in the updated ... Kris Phillips

01:13 PM Bug #12506 (Resolved): Only selected instance is restarted on suppress list change

Tested against:... Danilo Zrenjanin

09:29 AM Bug #12036: Certificate Manager page do not show Zabbix used certificates

Tested:... Danilo Zrenjanin

01:25 AM Bug #13412: SquidGuard, Rewrite rules, only one sub-rule will work if more than one sub-rule defined

https://forum.netgate.com/topic/174018/squidguard-rewrite-rule-bug
If manually modify the squidguard configuration f... UserPfbUg User

01:21 AM Bug #13412 (New): SquidGuard, Rewrite rules, only one sub-rule will work if more than one sub-rule defined

So, SquidGuard - Rewrites
If we create a new rewrite rule, add 1 rewrite condition and save it, Apply, it works ... UserPfbUg User

08/12/2022

08:02 AM Bug #13410 (New): ClamAV 0.104.2 is subject to several vulnerabilies

The current ClamAV pkg: clamav-0.104.2,1 is subject to a number of new vulnerabilites:
https://blog.clamav.net/2022/... Steve Wheeler

06:35 AM Bug #13409 (Pull Request Review): Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only

Under *VPN/WireGuard/Peers/Edit* - *Optional pre-shared key for this tunnel* Copy button works only when the GUI runs... Danilo Zrenjanin

06:29 AM Bug #12258 (Resolved): Copy key buttons only work in HTTPS mode

Tested against:... Danilo Zrenjanin

02:36 AM Bug #13404: LDAP authentication does not working

I can add moreover that I don't have any admin privileges on the ldap server and the ldap doesn't store any password ... Ettore Caprella

08/11/2022

03:29 PM Bug #13395 (Rejected): pfBlockerNG changes firewall URLs to unparseable

The @<br />@ shown there is done on purpose - this affects the alias details when hovering over an alias on the firew... Marcos M

09:12 AM Bug #13405 (New): Wireguard: The webgui becomes excessively slow to respond with a large number of peers

Webgui pages that include data from Wireguard can become very slow to respond with a large number of elements present... Steve Wheeler

07:50 AM Bug #12414 (Resolved): DNSBL SafeSearch page displays input validation error if DoH / DoT blocking is not enabled

Tested:... Danilo Zrenjanin

04:51 AM Bug #13404 (Not a Bug): LDAP authentication does not working

Hi all,
has anyone encountered this particular issue with Freeradius3 0.15.7_33 with LDAP when a user tries to authe... Ettore Caprella

04:35 AM Feature #13403 (New): Option to suppress graphing for individual thermal zones

As in many systems the thermal_tz1 and thermal_tz0 are invariant (not really present) it would be nice if they could ... odo maitre

08/10/2022

03:34 PM Feature #13402 (New): Monitor graph thermal sensors F option vs just C

So the thermal widget allows showing temps in F, but if you look at the monitor graph it is only in C.
Allow for t... JohnPoz _

06:37 AM Bug #13395: pfBlockerNG changes firewall URLs to unparseable

pfSense 22.05
pfBlockerNG-devel 3.1.0_4
Steps to recreate:
Run wizard and (re)create the default setup.
It mi... Per-Arne Hellarvik

06:16 AM Bug #13395: pfBlockerNG changes firewall URLs to unparseable

I couldn't replicate the issue on the 22.05 pfSense release.
I tested against:... Danilo Zrenjanin

08/09/2022

07:47 AM Bug #12206 (Resolved): Certificate Manager page doesn't show Net-SNMP used certificates

Azamat Khakimyanov

08/08/2022

11:52 AM Bug #12206 (Assigned): Certificate Manager page doesn't show Net-SNMP used certificates

Tested on 22.05
After configuring CA and Certificate for Net-SNMP, and choosing 'Interface Binding: TLS/TCP' I saw N... Azamat Khakimyanov

06:58 AM Bug #11746 (Resolved): Second LDAP server configuration misses the ipaNThash control attribute

Tested on 22.05
Both LDAP server configurations have ipaNThash control attribute.
I marked this Bug as resolved. Azamat Khakimyanov

08/06/2022

09:18 PM Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected

Setting "Auto" for the algorithm also causes issues. Formerly, it used to error out on "Auto" not being a valid opti... Kris Phillips

08:54 PM Todo #13306: Update NUT to version 2.8.0 to match FreeBSD Packages

The NUT package is in FreshPorts:
https://www.freshports.org/sysutils/nut/
This will be automatically brought in ... Kris Phillips

08:50 PM Feature #13370: Wireguard Dashboard status

Gil Gil wrote in #note-4:
> Ideally, it would be nice to see which Peers are connected, similar to the status of the... Kris Phillips

08:27 AM Bug #12706 (Resolved): pfBlockerNG and unbound does not work after switching /var to RAM disk

Tested:... Danilo Zrenjanin

06:14 AM Bug #13114: BIND calls rndc in rc_stop when named is not running

Any instructions on how to replicate/test this case would be appreciated. Danilo Zrenjanin

06:10 AM Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

It's not a bug, then. The correct syntax must be manually entered in the Custom Options field in the OpenVPN base cli... Danilo Zrenjanin

01:09 AM Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

In origin, the config was imported to 22.01.
With problems:
OpenVPN 2.6_git amd64-portbld-freebsd12.3 [SSL (OpenSSL)... Lev Prokofev

08/05/2022

09:18 PM Feature #12658: Adding prometheus metrics to darkstat

Sorry to keep pestering about this, but I am wondering what else needs to be done to include this?
Thank you. Karim Elatov

02:18 PM Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Which version(s) of the OpenVPN binary are in place on the _clients_ when they have problems / when they do not have ... Jim Pingle

01:46 PM Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Tested on the:... Danilo Zrenjanin

08/04/2022

01:38 PM Bug #13395 (Rejected): pfBlockerNG changes firewall URLs to unparseable

It seems like the Auto creation of the update-urls in Firewall->Aliases->URLs get some addition which should not be t... Per-Arne Hellarvik

08/01/2022

08:02 AM Bug #13380 (Feedback): OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Is this a problem in base or in the OpenVPN client export package? The issue was opened under base (not packages), bu... Jim Pingle

06:47 AM Bug #12683 (Resolved): snort_get_vpns_list() does not include OpenVPN CSO

Tested on 22.05
OpenVPN CSO subnet/IP were successfully added as VPN Addresses into Snort Pass List
I marked th... Azamat Khakimyanov

04:16 AM Bug #11693 (Resolved): IPv6 static routing fails

Tested on 22.05
When I setup FRR static route 240d::/20 via DHCPv6 interface I got correct static route in frr.con... Azamat Khakimyanov

07/31/2022

11:21 AM Bug #11681 (Resolved): FRR generates invalid BFD configuration after removing interfaces

Tested on 22.05
I wasn't able to reproduce this issue. After deleting interface which were chosen for BFD peer, I ... Azamat Khakimyanov

07/30/2022

09:38 PM Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected

I tried to recreate this and got a different error message with the same Phase 1 settings:
Phase 1 Hash Algorithm ... Kris Phillips

09:20 PM Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Can confirm the OpenVPN Export Utility does not specify tcp-client in it's config for clients to use, but instead def... Kris Phillips

07/29/2022

05:49 AM Regression #13002 (Resolved): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change

Tested:... Danilo Zrenjanin

04:39 AM Bug #12869 (Resolved): Bind DNS Package AAAA filtering Broken on new ZFS Installs

Tested:... Danilo Zrenjanin

07/28/2022

05:29 AM Bug #13380 (Not a Bug): OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Find that if the OpenVPN client has the "TCP" option of the remote (--remote host [port] [proto])
Example
@rem... Lev Prokofev

07/26/2022

04:13 PM Bug #12475 (New): OpenVPN Client Export does not show certificate without private key

I'm reopening this. The comments above about the $settings and $cert variable are correct. A symptom of this is that ... Marcos M

04:03 AM Regression #12160 (Resolved): An invalid configuration is generated when choosing TLS as the default protocol

Tested on 22.05 and on 22.09-DEV
There was no problem using TLS as a default protocol for syslog-ng. I was able su... Azamat Khakimyanov

07/25/2022

06:54 AM Bug #12114 (Resolved): syslog-ng only binds to the last specified interface

I can't reproduce this issue on 22.05 and on 22.09-DEV.
After choose several interfaces for Syslog-ng, in 'netstat... Azamat Khakimyanov

01:33 AM Bug #13098 (Resolved): HAProxy Virtual IP broken link under Frontend setup

I was able to reproduce this issue on 21.05_2 (HAproxy 0.61_3) but since then on 22.01/22.05 and on 22.09-DEV "Virtua... Azamat Khakimyanov

07/24/2022

05:18 PM Bug #13360: Not All AS Prefixes are returned by WHOIS

Danilo Zrenjanin wrote in #note-3:
> I recommend trying with the pfBlockerNG-devel. Here is the list I got on the de... Alex Knop

07/23/2022

07:22 PM Bug #12706: pfBlockerNG and unbound does not work after switching /var to RAM disk

unable to recreate in the current dev build 22.09.a.20220722.0600 Jordan G

05:31 PM Feature #13361: Add Zabbix 6.2 (agent and proxy) packages

This is present in FreshPorts.
https://www.freshports.org/net-mgmt/zabbix62-agent/ Kris Phillips

07/22/2022

07:44 AM Bug #13360: Not All AS Prefixes are returned by WHOIS

I recommend trying with the pfBlockerNG-devel. Here is the list I got on the devel version:... Danilo Zrenjanin

05:51 AM Bug #13034 (Resolved): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files

Tested:... Danilo Zrenjanin

07/21/2022

05:57 PM Feature #13370: Wireguard Dashboard status

Ideally, it would be nice to see which Peers are connected, similar to the status of the OpenVPN widget.
This is a s... Gil Gil

07/20/2022

09:09 PM Feature #13370: Wireguard Dashboard status

What detail specifically? Marcos M

08:31 PM Feature #13370 (New): Wireguard Dashboard status

It would be nice if the WireGuard widget would give a little more detail on the Dashboard. Gil Gil

11:20 AM Bug #13368 (Resolved): IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected

The following P1 cipher suite is supported by Windows natively, yet the wizard prevents it:
AES256-GCM | 128 bits ... Marcos M

07/18/2022

08:02 AM Feature #13361 (Resolved): Add Zabbix 6.2 (agent and proxy) packages

New release from zabbix. Please add this new version.
https://www.zabbix.com/rn/rn6.2.0
https://www.freshports.or... Pim Janssen

07:53 AM Feature #12859: Add Zabbix 6.0 LTS (agent and proxy) packages

zabbix proxy 6 is available but i am unable to close the issue. Pim Janssen

07/17/2022

09:34 AM Bug #13360: Not All AS Prefixes are returned by WHOIS

Kris Phillips wrote in #note-1:
> I can confirm that subnet should be part of that ASN. However, I cannot recreate ... Alex Knop

04:45 AM Bug #13343: HAproxy cookie protection syntax needs updated

Hello,
the bug is there if the haproxy package installation dependency is set to use
haproxy22-2.2.22 (no more "rs... Johannes Goldynia

07/16/2022

08:32 PM Bug #13343: HAproxy cookie protection syntax needs updated

Hello,
Is this present on the stable or devel branch? Or both? Kris Phillips

08:21 PM Bug #13360: Not All AS Prefixes are returned by WHOIS

I can confirm that subnet should be part of that ASN. However, I cannot recreate this in pfBlockerNG. Are you runni... Kris Phillips

03:27 PM Bug #13360 (New): Not All AS Prefixes are returned by WHOIS

If you set up a rule to do WHOIS on AS4917, these are the prefixes returned by pfBlockerNG:
• 12.187.160.0/24
•... Alex Knop

12:05 PM Todo #13349 (Pull Request Review): Add note in WireGuard GUI regarding routing behavior for Allowed IPs

https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/254 Marcos M

07/15/2022

02:00 PM Bug #13154: pfBlocker causing excessive CPU load

Michael Novotny wrote in #note-11:
> Interesting... I reinstalled pfBlocker (pfBlockerNG-devel 3.1.0_4) as I was not ... Denny Page

01:08 PM Bug #13154: pfBlocker causing excessive CPU load

Denny Page wrote in #note-10:
> Probably should confirm that the patch applied correctly. Assuming that you are runni... Michael Novotny

12:45 PM Bug #13154: pfBlocker causing excessive CPU load

Michael Novotny wrote in #note-9:
> The high cpu is still occurring with this patch applied and running on 22.05, re... Denny Page

08:17 AM Bug #13154: pfBlocker causing excessive CPU load

The high cpu is still occurring with this patch applied and running on 22.05, reboot, reloading package, etc. As sta... Michael Novotny