pfSense » pfSense Packages

03/30/2023

02:16 PM Regression #13978: PHP errors with squidGuard

Additionally:... Steve Wheeler

07:19 AM Bug #14203 (Rejected): Zabbix Agent 6.2 installation fails

The package installs fine (both agent and proxy) so whatever problem you are encountering is likely unique to your se... Jim Pingle

04:19 AM Bug #14203 (Rejected): Zabbix Agent 6.2 installation fails

I see that this issue is reported a couple of times, i.e. https://redmine.pfsense.org/issues/13587 however it still p... Rajib Momen

03/29/2023

05:29 PM Bug #14199: ACME - Issue with corrupted cert

Hi Jim .
My bad, I said HAProxy by mistake, I am using ACME for this, attached screenshot
Juan Francisco Rodriguez Garcia

11:57 AM Bug #14199: ACME - Issue with corrupted cert

The attached configuration snippet isn't a valid configuration for ACME. I'm not sure how it ended up in that state, ... Jim Pingle

02:58 PM Todo #14202 (Resolved): Rename exported OpenVPN connect files as "connect" rather than "ios"

Some of the files have names that are not following the same rules as the rest. I have made corrections to some of th... Jon Brown

10:02 AM Bug #14200 (New): WireGuard reply-to without NAT

I have discovered that the WireGuard package requires the interface to have the gateway set for the reply-to rules to... Carrnell Tech

03/28/2023

05:34 PM Bug #14199: ACME - Issue with corrupted cert

Attaching the Acme section of my config.xml backup which had this issue after upgrading to the new release on Feb 17 ... Jerold Von Hemel

04:55 PM Bug #14199 (Resolved): ACME - Issue with corrupted cert

Hi team
After creating a new cert in HAProxy i got an timeout on the webui interface then receive this error:
P... Juan Francisco Rodriguez Garcia

02:25 PM Todo #14194: Better colours for alerts

Green and Red are also not great choices because some people are red/green color blind, so ideally whatever colors ar... Jim Pingle

01:32 PM Todo #14194 (New): Better colours for alerts

on the page Firewall --> pfBlockerNG --> Reports --> unified (and others)
pfBlocker uses
* 'Red' for traffic st... Jon Brown

01:50 PM Feature #14196 (Incomplete): permitted firewall rules - additional text

Firewall --> pfBlockerNG --> DNSBL --> DNSBL Configuration --> Permit Firewall Rules
Can you add some additional i... Jon Brown

01:45 PM Feature #14195 (New): Customise what are class as Full Domains when blocking with DNSBL

Currently when a DNSBL is Blocked you get one of 2 pages depending what was looked up. Most lookups will end up beeb ... Jon Brown

01:26 PM Feature #14193 (Duplicate): Website to add and remove feeds automatically

I would like to see a website where end users (me and others) can add feeds and report dead feeds that would then be ... Jon Brown

11:22 AM Feature #14192 (Rejected): Instant Website Redaction Technology Not working

Hello Fellow Netgate Community Members,
I wanted to share some topics for discussion and possibly create a communi... Jonathan Lee

09:33 AM Regression #14189: pfBlocker-NG: HA-Sync is not working

I understand, but I don't know what is "not" happening.
There are two choices when configuring Sync for pfBlockerN... name name

03/27/2023

07:14 PM Regression #14189: pfBlocker-NG: HA-Sync is not working

Packages get updated directly, they don't get patches.
Also there is almost no detail here or on the linked forum ... Jim Pingle

05:31 PM Regression #14189 (Confirmed): pfBlocker-NG: HA-Sync is not working

I'm not the only one with this problem.
See https://forum.netgate.com/topic/179060/pfblockerng-sync-not-working .
... name name

11:27 AM Todo #9200: Add DNS support for Google domain to Acme manager

Ryan Keen wrote in #note-9:
> It appears that Google Domains has added support for DNS-01 ACME Challenges using a to... Jim Pingle

08:53 AM Todo #14155 (Rejected): 'Block Outside DNS' option is present in the server and on the client

The two options cover different scenarios: The option in the base pushes to all clients, the option in the client exp... Jim Pingle

08:32 AM Bug #14142 (Rejected): PHP errors in OpenVPN Client Export package

Christopher is right, it looks like the package needs updating because @vpn_openvpn_export_shared.php@ is removed on ... Jim Pingle

08:14 AM Bug #14141 (Rejected): pfsense 2.6.0 -pfSense-pkg-squid installation failed!

This isn't a bug, but a problem with your current update settings. This site is not for support or diagnostic discuss... Jim Pingle

07:53 AM Feature #14126: Quality monitoring graph scale adjustment

Moving over to the graph frontend location since I'm fairly certain if it can be changed, it's in the parts located i... Jim Pingle

03/25/2023

06:43 PM Todo #12351: Remove non-functional feeds

shallalist is no longer updated, it needs to be removed from DNSBL categories
https://www.shallalist.de/ is comple... Jordan G

06:34 PM Bug #13936 (Pull Request Review): PHP error from RRD Graphs when attempting a query a newly created empty database

https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/333 Christopher Cope

07:49 AM Bug #14179 (New): FreeRadius is active but in an inoperable state, switches to a generated freeradius-temp certificate upon restart

I was testing my HA setup yesterday evening and used the "Enter Persistent CARP Maintenance Mode" button quite a few ... name name

03/23/2023

05:25 AM Feature #14160: Add Search Engine Group in feeds

This is so we can whitelist search engines "Search Engines IPv4", "Search Engines IPv6" Jon Brown

05:02 AM Feature #14160 (New): Add Search Engine Group in feeds

It would be good to get a search engine feed so you can either block them or use them as a whitelist. I have included... Jon Brown

05:22 AM Feature #14162 (New): Add 'Google Services' feed group

This group can be used to allow the blocking or whitelisting of google services. I have added what I found along with... Jon Brown

05:17 AM Feature #14161 (New): Add 'Microsoft Services' feed

This should include all of the Microsoft services and preferably in separate items. I have included links to the page... Jon Brown

03:17 AM Feature #14159 (New): Add netgate bogon feeds

Can you add the netgate bogon feeds.
* https://files.netgate.com/lists/
** https://files.netgate.com/lists/bogon-... Jon Brown

02:48 AM Bug #13936: PHP error from RRD Graphs when attempting a query a newly created empty database

Can replicate on ... Lev Prokofev

03/22/2023

03:34 PM Feature #13200: Custom DNS Servers for Alert settings

One solution would be to deny:
LAN: Deny any != pfblockerng ip TCP/UDP:53
WAN: ANY outgoing TCP/UDP:53
And allow... Carlos Montalvo J.

11:27 AM Todo #14155 (Rejected): 'Block Outside DNS' option is present in the server and on the client

I find this situation confusing and propose a couple of resolutions:
* If the option 'Block Outside DNS' should stay... Jon Brown

11:22 AM Feature #11165: OpenVPN Exporter - Allow for name customization

I would like to see this so if I want, I can create more human readable connection names which are shown in the OpenV... Jon Brown

08:41 AM Bug #14142 (Not a Bug): PHP errors in OpenVPN Client Export package

This doesn't look like a bug. From the logs, the OpenVPN export package needs to be updated / reinstalled.
If that... Christopher Cope

06:05 AM Bug #14142 (Rejected): PHP errors in OpenVPN Client Export package

Good moorning after installation last version of pf-sense, system shows Us the follow error related openvpn .
I am... Stefano Raniero

08:40 AM Feature #14154 (New): Ability to use pfSense alias in IPv4 Custom_List

Firewall --> pfBlockerNG --> IP --> IPv4 --> edit/add --> IPv4 Custom_List
the reasons for this are:
* I only hav... Jon Brown

08:36 AM Bug #14153 (New): default whitelist is not created

When I click on the button from the + button from the reports tab and follow the whitelisting, the default whitelist ... Jon Brown

08:08 AM Feature #14151 (New): Add (ASN) to IPv4 Custom_List information

Firewall --> pfBlockerNG --> IP --> IPv4 --> IPv4 Custom_List
the line ... Jon Brown

08:05 AM Feature #14150 (New): Source and Destination information for IPv4 Custom_List and feeds

Firewall --> pfBlockerNG --> IP --> IPv4 --> list
When you edit/create a list you have to select an action type an... Jon Brown

07:58 AM Feature #14149 (New): Make the NEXT Scheduled CRON counter active

I would like the countdown timer of the cron to be active. Like on an aution page of ebay. :)
Firewall --> pfBlock... Jon Brown

07:54 AM Feature #14148 (New): Update alias information and error handling

On the following sections can you:
Firewall --> pfBlockerNG --> IP --> IPv4
*Advanced Inbound Firewall Rule Set... Jon Brown

07:48 AM Feature #14147 (New): when you rename an alias the alias reference in pfsense Advanced Inbound/Outbound rules ar enot updated

I refer to the rules @ (Firewall --> pfBlockerNG --> IP --> IPv4)
I noticed that when I renamed an alias that the ... Jon Brown

07:36 AM Bug #14146 (New): Small Typo in 'Advanced Outbound firewall rule settings' warning message

When creating an IPv4 outbound permit rule (Firewall --> pfBlockerNG --> Ip --> IPv4) and you leave the **Custom Prot... Jon Brown

03/21/2023

07:17 PM Bug #14054: pfBlockerNG can incorrectly modify firewall rules

It appears this related to the IPv4 IP list being updated, and happens during this step:... Marcos M

06:38 PM Bug #14141 (Rejected): pfsense 2.6.0 -pfSense-pkg-squid installation failed!

Hi guys,
Any help please.
I'm working on a lab project that is due in the comming days. Everything has worke fine u... Jean Smail Origene

05:43 PM Todo #9200: Add DNS support for Google domain to Acme manager

It appears that Google Domains has added support for DNS-01 ACME Challenges using a token generated on Google Domains... Ryan Keen

01:56 PM Feature #8547: fwknop Port Knocking Package

I'd like to add a vote here, too. This would be *incredibly* useful.
Port knocking is not an _alternative_ to a VP... Liquid Thex

03/20/2023

02:03 PM Bug #14116 (Duplicate): Squid Error went I press SAVE button.

Duplicate of https://redmine.pfsense.org/issues/13984
Missing Squid Reverse config values. Steve Wheeler

10:19 AM Bug #14116: Squid Error went I press SAVE button.

Looks like Clamav is the issue, once I disable this services, the error is gone.

This is my config file:
cat... Peter Moreno

03/19/2023

04:33 PM Regression #14024: PHP error in HAProxy Widget with Show Client Traffic enabled

I have the same issue but only affecting one of my deployments. As a workaround you can disable the haproxy service t... Hans Perera

11:25 AM Feature #14126 (New): Quality monitoring graph scale adjustment

If possible, it would be nice if the scale of the packet loss side of the onitoring graph was not the same as the lat... Chris Linstruth

03/18/2023

09:36 PM Bug #13985: Telegraf error After Update PFSense to 23.01

Unable to replicate in pfSense CE 2.7. Possible it's just an issue on Plus for some reason. Kris Phillips

09:30 PM Bug #14116: Squid Error went I press SAVE button.

Hello,
What settings do you have enabled and what page were you on that you clicked save to cause this issue? I'v... Kris Phillips

03/16/2023

07:59 PM Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset

Prime BDE wrote in #note-28:
> Nunya Business wrote in #note-27:
> > This problem has returned with the current ver... Gianluca Semadeni

02:49 AM Feature #14101: Add Zabbix 6.4 packages

Should there be any help needed, I happen to be the maintainer of all zabbix ports. Juraj Lutter

12:52 AM Bug #14116: Squid Error went I press SAVE button.

Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 devel-main-n2558... Peter Moreno

12:51 AM Bug #14116 (Duplicate): Squid Error went I press SAVE button.

Hello, I have squid+SG on Pfsense 2.7-dev, testing.
I was trying to do a little change and went I press 'SAVE' butto... Peter Moreno

03/15/2023

09:45 AM Bug #14113 (Duplicate): PHP Error: /usr/local/pkg/avahi/avahi.inc:76

Duplicate of #14019 Jim Pingle

02:22 AM Bug #14113 (Duplicate): PHP Error: /usr/local/pkg/avahi/avahi.inc:76

Just updated my pfsense box to 23.01 from 22.05. Everything was going smoothly, but on my first login i received a no... S Hunor

03/14/2023

01:42 PM Bug #14075: Using the ``Transparent ClientIP`` option in HAproxy results in kernel panics

I have returned ipfw to development snapshots so we can work on replicating and testing there. It is not possible to ... Christian McDonald

10:54 AM Bug #14108 (Rejected): Antivirus Bases showing outdated main.cvd with a version dated year 2021

Per ClamAV's website:
"ClamAV signatures come in a variety of formats, one for each of the distinct detection method... Jonathan Lee

03/13/2023

05:27 PM Feature #14101 (Resolved): Add Zabbix 6.4 packages

https://www.freshports.org/net-mgmt/zabbix64-agent/
https://www.freshports.org/net-mgmt/zabbix64-proxy/
Tirso Ramirez

09:43 AM Feature #14100 (New): Use interface groups as an Alias for IP Interface/Rules Configuration

Hi
I understand that there is an order in how firewall rules are used but my suggestion is not for altering that.
... Jon Brown

09:05 AM Regression #13978: PHP errors with squidGuard

Also:... Steve Wheeler

03/12/2023

04:02 PM Bug #13043: OSPF over Wireguard interface doesn't populate neighbors after reboot

Hi,
just wanted to confirm. I can reproduce this issue on all of my installations so far. Mostly PFsense CE 2.6.0 ... Johann Lohberger

09:09 AM Regression #14097 (Duplicate): Upgrade to 23.01: PHP Fatal error: Uncaught TypeError: Unsupported operand types: string / int in /etc/inc/util.inc

Duplicate of #14024 Jim Pingle

01:28 AM Regression #14097 (Duplicate): Upgrade to 23.01: PHP Fatal error: Uncaught TypeError: Unsupported operand types: string / int in /etc/inc/util.inc

After the upgrade to version 23.01-RELEASE I right away got a message from the Crash reporter:... Sebastian Wagner

03/11/2023

03:34 PM Bug #14096 (Resolved): Status_Traffic_Totals does not work on snapshots due to sqlite change

It looks like a recent change in sqlite broke vnstat which leads to Status_Traffic_Totals not working:
https://for... Jim Pingle

02:05 PM Bug #14094: HAProxy "Write to Disk" files not being saved

Christopher Cope wrote in #note-2:
> The files are not wrote unless HAProxy is enabled, and the backend / frontend a... Ryan V

01:39 PM Bug #14094 (Not a Bug): HAProxy "Write to Disk" files not being saved

Ryan V wrote:
> pfSense v2.6.0, HAProxy package v0.61_7.
>
> I am trying to save a map file via the Files tab in ... Christopher Cope

12:34 PM Bug #14094: HAProxy "Write to Disk" files not being saved

Replying to add that nothing helpful is showing in the logs found in Status > System Logs:... Ryan V

12:31 PM Bug #14094 (Not a Bug): HAProxy "Write to Disk" files not being saved

pfSense v2.6.0, HAProxy package v0.61_7.
I am trying to save a map file via the Files tab in the HAProxy GUI. I ad... Ryan V

09:08 AM Bug #14088 (Resolved): pfsense 2.7-dev pfSense-pkg-snort installation failed!

Jim Pingle

01:03 AM Bug #14088: pfsense 2.7-dev pfSense-pkg-snort installation failed!

Yes, now I could install snort, thanks!!! Peter Moreno

03/10/2023

12:21 PM Bug #14075: Using the ``Transparent ClientIP`` option in HAproxy results in kernel panics

This is likely a bug in ipfw, which was included in 23.01. 23.05 does not contain the ipfw kernel module.
23.01:
... Christian McDonald

08:44 AM Bug #14088: pfsense 2.7-dev pfSense-pkg-snort installation failed!

I checked the Suricata port and it still uses luajit:luajit-openresty. Both work now. Christian McDonald

07:00 AM Bug #14088: pfsense 2.7-dev pfSense-pkg-snort installation failed!

Christian McDonald wrote in #note-3:
> Thanks Bill for the history, that was helpful.
>
> I set the luajit-openre... Bill Meeks

03/09/2023

09:17 PM Bug #14088 (Feedback): pfsense 2.7-dev pfSense-pkg-snort installation failed!

Thanks Bill for the history, that was helpful.
Honestly one of these days I need to audit the port options that we h... Christian McDonald

07:54 PM Bug #14088: pfsense 2.7-dev pfSense-pkg-snort installation failed!

Christian McDonald wrote in #note-1:
> This also impacts 23.05 snapshots.
>
> We currently build nginx with LUA supp... Bill Meeks

04:43 PM Bug #14088: pfsense 2.7-dev pfSense-pkg-snort installation failed!

This also impacts 23.05 snapshots.
We currently build nginx with LUA support (which we don't use). Snort also depend... Christian McDonald

11:49 AM Bug #14088 (Resolved): pfsense 2.7-dev pfSense-pkg-snort installation failed!

Hello.
I want to test snort on pfsense 2.7-dev latest version
But I receive this error:
>>> Installing pfSen... Peter Moreno

10:57 AM Regression #14043 (Feedback): Netgate Firmware Upgrade fails to mount EFISYS

Fixed in plus as of 67fef1ab045a. /mnt and /boot/efi are both unmounted prior to mounting the ESP at /mnt. Reid Linnemann

03/08/2023

07:06 AM Feature #14081 (New): Nagios

Hello,
I have a problem with the netgate in version 23.01 for Nagio monitoring.
After researching the problem of... Florian BELIARD

03/07/2023

08:51 AM Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset

Nunya Business wrote in #note-27:
> This problem has returned with the current version of the Wireguard package, 1.1... Prime BDE

03/06/2023

02:18 PM Bug #14079 (Rejected): Debug descriptions misleading

The current text is correct. There is no need to suppress anything, it's clearly explained in the result string.
E... Jim Pingle

01:28 PM Bug #14079 (Rejected): Debug descriptions misleading

the purpose of the debug button is... Jon Brown

03/05/2023

07:14 PM Bug #14075 (Not a Bug): Using the ``Transparent ClientIP`` option in HAproxy results in kernel panics

Report from a Netgate 7100 after upgrading to @23.01@.
Before disabling the @Transparent ClientIP@ option in hapro... Marcos M

01:52 PM Bug #14058: Update vendor=on triggers installation failure

Thanks Chris. Let’s wait and see then. Jan-Peter Koopmann

03/04/2023

08:17 PM Todo #14073 (Confirmed): Shalla block list is offline but still available in pfBlocker

The Shalla Services blocklist went offline permanently in January 2022. It's still available as a list option in the ... Chris W

04:35 PM Bug #14019 (Resolved): PHP Error: /usr/local/pkg/avahi/avahi.inc:76

Tested on 2.2_4. I don't see reproduction steps, so I'm assuming this was triggered on install or when navigating to... Kris Phillips

07:05 AM Bug #14058: Update vendor=on triggers installation failure

Yep very sure.
I even ran it through truss and watched the fetch calls be made and return successfully.
I waa a... Christian McDonald

04:12 AM Bug #14058: Update vendor=on triggers installation failure

Are you sure you selected „update vendor list“ in the arpwatch settings before trying to reproduce it? Jan-Peter Koopmann

03/03/2023

05:40 PM Bug #13421: Stunnel certificate does not refresh

Thanks for the work. Added to my pfsense and will see at the next refresh in a few days if it is working. A Schnee

01:16 PM Regression #14064 (Resolved): Upgrading to 23.01 breaks Tailscale on the SG-3100 on 23.01

Christian McDonald

11:50 AM Regression #14064: Upgrading to 23.01 breaks Tailscale on the SG-3100 on 23.01

Attached here is the updated package with the fix.
We are testing another fix that is blocking publishing updated ... Christian McDonald

09:38 AM Regression #14064 (Feedback): Upgrading to 23.01 breaks Tailscale on the SG-3100 on 23.01

Fixed.
https://github.com/pfsense/FreeBSD-ports/commit/78cff659895de3b5244c650fa74eec2fd975387e
Look for package ve... Christian McDonald

06:24 AM Regression #14064: Upgrading to 23.01 breaks Tailscale on the SG-3100 on 23.01

Exactly the same thing happening here on my SG-3100
Mar 3 07:10:40 php-fpm 27594 /pkg_edit.php: The command '/u... Scott Bennett

01:54 AM Regression #14064 (Resolved): Upgrading to 23.01 breaks Tailscale on the SG-3100 on 23.01

Users are reporting that Tailscale will not start/operate on the NetGate SG-3100 appliance after upgrading to pfSense... R W

07:57 AM Bug #14019 (Feedback): PHP Error: /usr/local/pkg/avahi/avahi.inc:76

I pushed a fix, it will be in the next build of the package.
Jim Pingle

03/02/2023

04:40 PM Bug #13421: Stunnel certificate does not refresh

I have experienced this problem in pfSense plus 22.05 / stunnel 5.50_11.
I "solved" it via brute force, but making t... S Premeau

04:38 PM Feature #14063 (New): FileBeats for pfsense

Is it possible to create the GUI for the filebeat package in order to export suricata/snort logs to a SIEM stack or a... Mike Moore

02:36 PM Bug #14058 (Feedback): Update vendor=on triggers installation failure

I am not able to reproduce this on 23.05 snapshots. I'm not sure it is worth the effort in fixing if it already works... Christian McDonald

02:34 PM Feature #13905 (Bogus): Introduce GUI knob for controlling ```--snat-subnet-routes``` tailscaled option

Christian McDonald

02:31 PM Feature #13905 (Incomplete): Introduce GUI knob for controlling ```--snat-subnet-routes``` tailscaled option

Marking as bogus until upstream supports this on FreeBSD Christian McDonald

02:33 PM Feature #6651 (Resolved): Loopback interfaces

Christian McDonald

02:32 PM Bug #13271 (Bogus): I got 'The WireGuard service is not running.' after I upgraded my pfSense VM from 22.05.r.20220604.1403 -> 22.05.r.20220609.1919

Marking bogus as this is now quite old. WireGuard upgrades seem to be working fine. Christian McDonald

02:30 PM Todo #13906 (Resolved): Update tailscale from 1.34.2 to 1.36.0

Christian McDonald

06:53 AM Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)

I suppose that this redmine issue 10436 could be closed if Netgate make available the previous version (from pfsense ... Marcelo Cury

03/01/2023

07:28 PM Feature #12502: Option to include Syslog-ng Configuration Library (scl)

I didn't want to wait and did this:... Wagner Sartori Junior

01:34 PM Bug #8454: Arpwatch package break email notifications from other sources

I am getting the same problem even though "Disable cron" is on and is correctly referenced in the PHP. It reappeared ... Jan-Peter Koopmann

01:32 PM Bug #14058 (Resolved): Update vendor=on triggers installation failure

the custom_php_install command fails during pkg upgrade/install if the "Update Vendor" config option is on.... Jan-Peter Koopmann

12:34 PM Bug #10590 (Closed): pfBlockerNG: Invalid argument supplied for foreach()

Error is no longer relevant to current code base. Marcos M

10:22 AM Bug #14042 (Resolved): An assigned Pass List is not shown as "Assigned" on the PASS LISTS tab when the list is used in the HOME_NET or EXTERNAL_NET setting on a Suricata interface.

PR merged, thanks! Jim Pingle

10:22 AM Bug #14041 (Resolved): Post-install migration of existing settings throws a PHP error when the configuration contains the legacy layout of a single alias in a Pass List.

PR merged, thanks! Jim Pingle

06:05 AM Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)

I downgraded softflowd, so I'm not using 1.2.6_1, this is the reason for it not showing in my package manager.
I'm us... Marcelo Cury