pfSense » pfSense Packages

08/23/2022

06:18 AM Bug #12475: OpenVPN Client Export does not show certificate without private key

Charles Sprickman wrote in #note-12:
> Marcos M wrote in #note-11:
> > I'm reopening this. The comments above about... Denis Grilli

08/22/2022

09:00 PM Bug #13441 (Confirmed): FRR fails to start with route map on "sequence 0" in configuration

Creating a route map in FRR global configuration and assigning a network to sequence 0 prevents FRR/BGP from loading
... Paighton Bisconer

08:13 PM Bug #12475: OpenVPN Client Export does not show certificate without private key

Marcos M wrote in #note-11:
> I'm reopening this. The comments above about the $settings and $cert variable are corr... Charles Sprickman

08/21/2022

07:25 AM Bug #13432: ups driver will not start

It seems to be the same as this issue: https://redmine.pfsense.org/issues/9849
This was on a completely new instal... Scott Lampert

08/20/2022

09:58 PM Bug #13432: ups driver will not start

Actually, I tested this with an APC unit just now and the nut package and was able to connect with the generic usbhid... Kris Phillips

09:42 PM Bug #13432: ups driver will not start

Hello,
I tested and was unable to reproduce this, but I don't have a Cyberpower UPS. It seems this shouldn't be l... Kris Phillips

04:19 AM Bug #13409: Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only

The same behavior on 22.09-DEVELOPMENT (amd64)built on Fri Jul 29 06:14:54 UTC 2022
Lev Prokofev

08/19/2022

02:43 PM Bug #13432 (Incomplete): ups driver will not start

I cannot get a USB-connected UPS to be recognized unless the nut usb driver is started with the "-u root" option.
... Scott Lampert

08/18/2022

11:44 PM Bug #10693: pfSense Bind Zone Editor UI does not update zone serial number when a change is made

Andrzej Milewski wrote in #note-3:
> I have BIND version 9.16-11 package and pfSense version 2.5.2. Serial number no... Gabriel Millerd

08/16/2022

11:28 PM Bug #13412: SquidGuard, Rewrite rules, only one sub-rule will work if more than one sub-rule defined

Here's a workaround for this issue however seems the workaround will not stay after network disconnection etc.or some... UserPfbUg User

09:11 PM Bug #13421 (New): Stunnel certificate does not refresh

I use stunnel with ACME certificates which expires every 90 days. When the certificate is 6í days old ACME auto refre... A Schnee

08/15/2022

09:54 AM Bug #12130 (Closed): Zeek fails to start

Jim Pingle

12:54 AM Bug #12130: Zeek fails to start

I've tested on 22.05 pfsense release and Zeek (3.0.6_3) is started with out any issue. The file local.zeek is present... aleksei prokofiev

09:53 AM Bug #13415: Pushing WireGuard traffic out a specific GW using static routes crashes the WireGuard Service

Seems highly unlikely it's related to policy routing, but maybe the way the service is restarted or the conditions at... Jim Pingle

08/14/2022

03:30 AM Bug #13415 (New): Pushing WireGuard traffic out a specific GW using static routes crashes the WireGuard Service

This relates to Bug #11613 and Bug #12811
Trying to work around Bug #12811 I set up a Gateway Group containing 2 ... Oskar Stroka

02:31 AM Bug #13404: LDAP authentication does not working

Hello,
yes, I can't find the right options that allow me to configure ldap authentication when you don't have admin ... Ettore Caprella

08/13/2022

06:43 PM Bug #13404: LDAP authentication does not working

Hello,
The virtual-server-default config file is generated from the webConfigurator in freeRADIUS. You shouldn't ... Kris Phillips

06:31 PM Bug #13409 (Confirmed): Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only

Confirmed on 22.05. Pressing the button does nothing in HTTP mode. Switches back to HTTPS and it functioned as expe... Kris Phillips

06:28 PM Bug #13410: ClamAV 0.104.2 is subject to several vulnerabilies

The latest is on Freshports. We should probably bump the pfSense squid package up a version and pull in the updated ... Kris Phillips

01:13 PM Bug #12506 (Resolved): Only selected instance is restarted on suppress list change

Tested against:... Danilo Zrenjanin

09:29 AM Bug #12036: Certificate Manager page do not show Zabbix used certificates

Tested:... Danilo Zrenjanin

01:25 AM Bug #13412: SquidGuard, Rewrite rules, only one sub-rule will work if more than one sub-rule defined

https://forum.netgate.com/topic/174018/squidguard-rewrite-rule-bug
If manually modify the squidguard configuration f... UserPfbUg User

01:21 AM Bug #13412 (New): SquidGuard, Rewrite rules, only one sub-rule will work if more than one sub-rule defined

So, SquidGuard - Rewrites
If we create a new rewrite rule, add 1 rewrite condition and save it, Apply, it works ... UserPfbUg User

08/12/2022

08:02 AM Bug #13410 (New): ClamAV 0.104.2 is subject to several vulnerabilies

The current ClamAV pkg: clamav-0.104.2,1 is subject to a number of new vulnerabilites:
https://blog.clamav.net/2022/... Steve Wheeler

06:35 AM Bug #13409 (Pull Request Review): Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only

Under *VPN/WireGuard/Peers/Edit* - *Optional pre-shared key for this tunnel* Copy button works only when the GUI runs... Danilo Zrenjanin

06:29 AM Bug #12258 (Resolved): Copy key buttons only work in HTTPS mode

Tested against:... Danilo Zrenjanin

02:36 AM Bug #13404: LDAP authentication does not working

I can add moreover that I don't have any admin privileges on the ldap server and the ldap doesn't store any password ... Ettore Caprella

08/11/2022

03:29 PM Bug #13395 (Rejected): pfBlockerNG changes firewall URLs to unparseable

The @<br />@ shown there is done on purpose - this affects the alias details when hovering over an alias on the firew... Marcos M

09:12 AM Bug #13405 (New): Wireguard: The webgui becomes excessively slow to respond with a large number of peers

Webgui pages that include data from Wireguard can become very slow to respond with a large number of elements present... Steve Wheeler

07:50 AM Bug #12414 (Resolved): DNSBL SafeSearch page displays input validation error if DoH / DoT blocking is not enabled

Tested:... Danilo Zrenjanin

04:51 AM Bug #13404 (Not a Bug): LDAP authentication does not working

Hi all,
has anyone encountered this particular issue with Freeradius3 0.15.7_33 with LDAP when a user tries to authe... Ettore Caprella

04:35 AM Feature #13403 (New): Option to suppress graphing for individual thermal zones

As in many systems the thermal_tz1 and thermal_tz0 are invariant (not really present) it would be nice if they could ... odo maitre

08/10/2022

03:34 PM Feature #13402 (New): Monitor graph thermal sensors F option vs just C

So the thermal widget allows showing temps in F, but if you look at the monitor graph it is only in C.
Allow for t... JohnPoz _

06:37 AM Bug #13395: pfBlockerNG changes firewall URLs to unparseable

pfSense 22.05
pfBlockerNG-devel 3.1.0_4
Steps to recreate:
Run wizard and (re)create the default setup.
It mi... Per-Arne Hellarvik

06:16 AM Bug #13395: pfBlockerNG changes firewall URLs to unparseable

I couldn't replicate the issue on the 22.05 pfSense release.
I tested against:... Danilo Zrenjanin

08/09/2022

07:47 AM Bug #12206 (Resolved): Certificate Manager page doesn't show Net-SNMP used certificates

Azamat Khakimyanov

08/08/2022

11:52 AM Bug #12206 (Assigned): Certificate Manager page doesn't show Net-SNMP used certificates

Tested on 22.05
After configuring CA and Certificate for Net-SNMP, and choosing 'Interface Binding: TLS/TCP' I saw N... Azamat Khakimyanov

06:58 AM Bug #11746 (Resolved): Second LDAP server configuration misses the ipaNThash control attribute

Tested on 22.05
Both LDAP server configurations have ipaNThash control attribute.
I marked this Bug as resolved. Azamat Khakimyanov

08/06/2022

09:18 PM Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected

Setting "Auto" for the algorithm also causes issues. Formerly, it used to error out on "Auto" not being a valid opti... Kris Phillips

08:54 PM Todo #13306: Update NUT to version 2.8.0 to match FreeBSD Packages

The NUT package is in FreshPorts:
https://www.freshports.org/sysutils/nut/
This will be automatically brought in ... Kris Phillips

08:50 PM Feature #13370: Wireguard Dashboard status

Gil Gil wrote in #note-4:
> Ideally, it would be nice to see which Peers are connected, similar to the status of the... Kris Phillips

08:27 AM Bug #12706 (Resolved): pfBlockerNG and unbound does not work after switching /var to RAM disk

Tested:... Danilo Zrenjanin

06:14 AM Bug #13114: BIND calls rndc in rc_stop when named is not running

Any instructions on how to replicate/test this case would be appreciated. Danilo Zrenjanin

06:10 AM Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

It's not a bug, then. The correct syntax must be manually entered in the Custom Options field in the OpenVPN base cli... Danilo Zrenjanin

01:09 AM Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

In origin, the config was imported to 22.01.
With problems:
OpenVPN 2.6_git amd64-portbld-freebsd12.3 [SSL (OpenSSL)... Lev Prokofev

08/05/2022

09:18 PM Feature #12658: Adding prometheus metrics to darkstat

Sorry to keep pestering about this, but I am wondering what else needs to be done to include this?
Thank you. Karim Elatov

02:18 PM Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Which version(s) of the OpenVPN binary are in place on the _clients_ when they have problems / when they do not have ... Jim Pingle

01:46 PM Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Tested on the:... Danilo Zrenjanin

08/04/2022

01:38 PM Bug #13395 (Rejected): pfBlockerNG changes firewall URLs to unparseable

It seems like the Auto creation of the update-urls in Firewall->Aliases->URLs get some addition which should not be t... Per-Arne Hellarvik

08/01/2022

08:02 AM Bug #13380 (Feedback): OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Is this a problem in base or in the OpenVPN client export package? The issue was opened under base (not packages), bu... Jim Pingle

06:47 AM Bug #12683 (Resolved): snort_get_vpns_list() does not include OpenVPN CSO

Tested on 22.05
OpenVPN CSO subnet/IP were successfully added as VPN Addresses into Snort Pass List
I marked th... Azamat Khakimyanov

04:16 AM Bug #11693 (Resolved): IPv6 static routing fails

Tested on 22.05
When I setup FRR static route 240d::/20 via DHCPv6 interface I got correct static route in frr.con... Azamat Khakimyanov

07/31/2022

11:21 AM Bug #11681 (Resolved): FRR generates invalid BFD configuration after removing interfaces

Tested on 22.05
I wasn't able to reproduce this issue. After deleting interface which were chosen for BFD peer, I ... Azamat Khakimyanov

07/30/2022

09:38 PM Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected

I tried to recreate this and got a different error message with the same Phase 1 settings:
Phase 1 Hash Algorithm ... Kris Phillips

09:20 PM Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Can confirm the OpenVPN Export Utility does not specify tcp-client in it's config for clients to use, but instead def... Kris Phillips

07/29/2022

05:49 AM Regression #13002 (Resolved): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change

Tested:... Danilo Zrenjanin

04:39 AM Bug #12869 (Resolved): Bind DNS Package AAAA filtering Broken on new ZFS Installs

Tested:... Danilo Zrenjanin

07/28/2022

05:29 AM Bug #13380 (Not a Bug): OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"

Find that if the OpenVPN client has the "TCP" option of the remote (--remote host [port] [proto])
Example
@rem... Lev Prokofev

07/26/2022

04:13 PM Bug #12475 (New): OpenVPN Client Export does not show certificate without private key

I'm reopening this. The comments above about the $settings and $cert variable are correct. A symptom of this is that ... Marcos M

04:03 AM Regression #12160 (Resolved): An invalid configuration is generated when choosing TLS as the default protocol

Tested on 22.05 and on 22.09-DEV
There was no problem using TLS as a default protocol for syslog-ng. I was able su... Azamat Khakimyanov