pfSense Plus version 22.01 and pfSense CE version 2.6.0 Software are Now Available!
-
First of all thanks for all your hard work!!
I did encounter an issue after upgrading from 2.5.2 to 2.6.0. It appears that any rules I had set to match "Diffserv Code Point" values started erroring out when the ruleset is loaded. I tried several combinations and it seems that the only ones that were causing errors were ones set with csX markings (I was matching on cs7). Here's my exact error message:
There were error(s) loading the rules: /tmp/rules.debug:278: illegal tos value 56 - The line in question reads [278]: match log on { WAN_Group } inet proto udp from any to any port $Zoom_UDP tos "56" ridentifier 1589829693 queue (qLowDelay) label "USER_RULE: Zoom Uploads (match CS7 audio dscp)
I'm not sure where I should request help or post about this on the forums... I didn't have this issue prior to the upgrade.
-
I was able to reproduce and correct this error by manually editing my config.xml file. I filed a bug report here....
https://redmine.pfsense.org/issues/12803
-
Great update - went smoothly. Took under 15 minutes: Qotom i5-5250U, 8GB RAM and 120 GB SSD (circa 2% used). ISP: VM 200Mbit down, get 200.
-
The update from version 2.5.2-RELEASE (amd64) to 2.6.0-RELEASE (amd64) with the following hardware: Qotom Q878GE Intel(R) Core(TM) i7-8550U CPU, 16 GByte RAM and 256 GByte mSATA SSD went smoothly and took 5 to 10 minutes. The following packages have been updated: acme, apcupsd, Cron, freeradius3, iperf, Lightsquid, mailreport, nut, openvpn-client-export, pfBlockerNG-devel, squid, squidguard. It doesn't get any better than that. Thank you for the successful update process and greetings from Germany
Thank you very much for the great work
kaj
-
I just upgraded from 2.5.2 to 2.6.0, and it appeared to go well, except that I can no longer access the serial console by logging in as root. I can still log in with ssh, to the user id that I use with the webgui, but I don't get the menu.
Is this expected behavior, or a bug?
How can I access the serial menu over ssh?
-
@guardian sounds like you made a legitimate login at some point that isn't admin/root. Might need to re-create it (even though it is there) to get the login script and such back for the 'new' user.
Guessing you'd have to install sudo and stuff, as a normal user wouldn't have root access.
I think the textual menu is provided by /etc/rc.initial
-
@guardian try running
/etc/rc.initial
to get the menu. Only 'admin' gets the menu by default. If you have disabled this account, it is now reflected in the SSH connection with the 2.6 update.
-
Hi,
Any idea how to deal with CVE-2022-0778 in the case of e.g. HAProxy use inside pfSense?
BR Johannes
-
@jwg014 said in pfSense Plus version 22.01 and pfSense CE version 2.6.0 Software are Now Available!:
Any idea how to deal with CVE-2022-0778 in the case of e.g. HAProxy use inside pfSense?
HAProxy would only be affected if you have it configured to accept client certificates as a form of authentication, which is possible but rare in practice. If you have concerns about that, move the service inside a VPN where it's much more protected. As far as we can tell so far, VPNs are not likely to be as much of an issue as there are other hurdles attackers would have to overcome before the certificates come into play (e.g. TLS key protecting OpenVPN in addition to certificate auth.), and several VPN types and configs don't use certificates at all (e.g. WireGuard). We're still checking into it and keeping an eye on what people find, though.
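The check implied by the reply above, as an added example that is not part of the original thread and is not pfSense or HAProxy project code: it lists the `bind` lines in an HAProxy configuration that request client certificates. The sample configuration, including its names, addresses and paths, is constructed.

```python
# Added example (not pfSense or HAProxy project code): list HAProxy "bind"
# lines that ask clients for a certificate, the exposure the reply describes.
SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}

def client_cert_binds(cfg_text):
    """Return (section, line_no, address, verify_mode) for each bind line
    that enables TLS and requests client certificates."""
    findings = []
    section = "(none)"
    for line_no, raw in enumerate(cfg_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tokens:
            continue
        if tokens[0] in SECTION_KEYWORDS:
            section = " ".join(tokens[:2])
            continue
        # Only "bind" lines accept connections from clients; "server" lines
        # also take "verify", but there HAProxy is checking a backend.
        if tokens[0] != "bind" or len(tokens) < 2 or "ssl" not in tokens[2:]:
            continue
        mode = "none"                            # HAProxy default for bind
        for i, tok in enumerate(tokens[:-1]):
            if tok == "verify":
                mode = tokens[i + 1]
        if mode in ("optional", "required"):
            findings.append((section, line_no, tokens[1], mode))
    return findings

# Constructed sample configuration; names, addresses and paths are made up.
SAMPLE_CFG = """\
global
    maxconn 1000
frontend www_public
    bind 203.0.113.10:443 ssl crt /example/site.pem
frontend admin_mtls
    bind 203.0.113.10:8443 ssl crt /example/site.pem ca-file /example/ca.pem verify required
frontend partner_api   # trailing comment is ignored
    bind 203.0.113.10:9443 ssl crt /example/site.pem ca-file /example/ca.pem verify optional
backend app
    server app1 192.0.2.20:443 ssl verify required ca-file /example/ca.pem
"""

if __name__ == "__main__":
    for section, line_no, addr, mode in client_cert_binds(SAMPLE_CFG):
        print(f"line {line_no}: [{section}] bind {addr} verify {mode}")
```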
-
@mleighton Where to report a security issue?
Need contact info, I'm not going to put it in public.
-
@urbanovits said in pfSense Plus version 22.01 and pfSense CE version 2.6.0 Software are Now Available!:
@mleighton Where to report a security issue?
Need contact info, I'm not going to put it in public.
https://www.netgate.com/security has the relevant contact information and procedures for reporting security issues.