pfSense Plus Software Version 23.09 BETA Now Available for Testing

Gertjan

@GeorgeCZ58 said in pfSense Plus Software Version 23.09 BETA Now Available for Testing:

Freeradius after last package upgrade can cause big issues to others

An issue that is known for a couple of weeks now.
People started to discover what happens when this Services > FreeRADIUS > Settings isn't set.

and this one is even nastier : there was a bug in FreeRadius itself.
And when you upgrade pfSense, it will re install packages that are found when rebooting after pfSense after the upgrade (common advise is/was : remove packages before pfSense upgrading - but I admit : I'm not doing that neither).

At the end you were protected by the last safely net : before upgrading pfSense, take config backups, right after the pre pfSense reboot (the manual reboot before the upgrade).

See Upgrade of FreeRadius3 from 0.15.10 to 0.15.10_1 sets all configuration values to default. in the pfSense Package forum (third thread).

DBLClick

@DefenderLLC said in pfSense Plus Software Version 23.09 BETA Now Available for Testing:

suricata 7 , HA Proxy, and ntop. upgrade was very successful without issues.

Darkk

I've updated my instance to 23.09-RC (amd64) built on Thu Oct 26 18:51:00 PDT 2023. No issues with the upgrade but I just noticed it broke my e-mail notification. I can always redo it which isn't big of a deal so don't know if something got reset or not.

jrey

@Darkk said in pfSense Plus Software Version 23.09 BETA Now Available for Testing:

don't know if something got reset

not here -- all good. (helpful answer I know)

Darkk

@jrey said in pfSense Plus Software Version 23.09 BETA Now Available for Testing:

@Darkk said in pfSense Plus Software Version 23.09 BETA Now Available for Testing:

don't know if something got reset

not here -- all good. (helpful answer I know)

Ya, no big deal. I re-entered the e-mail password and it's working fine now.

Darkk

Although for the e-mail SMTP notification it would be cool if it can make use of PGP keys to encrypt these e-mails as some may go through something like gmail which I rather they don't see anything sensitive about my firewall.

Gertjan

@Darkk said in pfSense Plus Software Version 23.09 BETA Now Available for Testing:

they don't see anything sensitive about my firewall.

They won't. Neither do you.
That is, they could see your pfSense WAN IPv4, but they already knew that.
No passwords or other info like that is transmitted.
I never saw secret stuff in these notification mails.
Notification mails are what they are : they tell you to call home as there is an 'event'.
Up to you to decide to check it out (using for example VPN).

@Darkk said in pfSense Plus Software Version 23.09 BETA Now Available for Testing:

I re-entered the e-mail password

pfSense doesn't / shouldn't use the gmail password.
I had to generate a 'app password', a password created for an app or device. For every device that uses your gmail account, you have to create an unique password.
The advantage is : you can revoke them in a central place, and no need to put your email credentials in every device, as that would be a big security issue.

Bob.Dig

@Darkk How about running your own, local email-server.

jrey

@Bob-Dig said in pfSense Plus Software Version 23.09 BETA Now Available for Testing:

local email-server.

Was just typing the same thing

Notifications directly from the Netgate are actually rare here, but from the syslog server that that Netgate logs to - that's a whole different kettle of fish.

Still, in some areas the logging to Netgate->syslog needs work. Also depends on what packages are being used.

NollipfSense

So, I upgraded to 23.0 9RC...first thing I noticed is that the Netmap harmless but ugly messages are gone.

SteveITS

@GeorgeCZ58 Re the FreeRadius bug, you can manually edit the config file to recover: https://redmine.pfsense.org/issues/14596

Since it happens on upgrade (which uninstalls/reinstalls) it’s likely to hit anyone who hasn’t saved the default settings page.

Darkk

Now getting this error. I dismissed it the first time thinking it's just a fluke. Now it happened again:

00:00:00 PHP ERROR: Type: 1, File: /usr/local/bin/mail_reports_generate.php, Line: 61, Message: Uncaught ValueError: exec(): Argument #1 ($command) cannot be empty in /usr/local/bin/mail_reports_generate.php:61
Stack trace:
#0 /usr/local/bin/mail_reports_generate.php(61): exec('', '')
#1 {main}
thrown

Darkk

Figured out the e-mail issue. Apparently I had the command as being blank. Soon as I removed that it's working ok now.

stephenw10

Hmm, that feels like there should some input validation to prevent that. You should probably open a bug for it.

DefenderLLC

Boom!

Darkk

@DefenderLLC Oct 31st? Halloween edition?

DefenderLLC

@Darkk That's when the RC came out and now it's official.

Darkk

@DefenderLLC said in pfSense Plus Software Version 23.09 BETA Now Available for Testing:

@Darkk That's when the RC came out and now it's official.

Ya, I upgraded my instance this morning. No issues.

stephenw10

@Darkk said in pfSense Plus Software Version 23.09 BETA Now Available for Testing:

@DefenderLLC Oct 31st? Halloween edition?

Many references were posted internally.

amanda87

This post is deleted!