Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC

    @bmeeks So after upgrading to the newest PfSense 2.8.0 everything is now working like a charm!

    Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

    I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

    I assume this is because the FreeBSD version is also updated with the new PfSense 2.8.0 version?

    Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    S

    @njaimo There's a note on https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-config.html

    Python Module Order:

    Controls the position of the Python module in the DNS resolution process. If DNSSEC is disabled, this option has no effect. Pre Validator: The script is run before DNSSEC validation. Post Validator: The script is run after DNSSEC validation.

    Since we normally forward (to Quad9) we disable DNSSEC.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version ?
    The instructions are shown here :

    1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

    A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
    link text

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    690 Topics
    4k Posts
    J

    I've read through some other posts about this, but they either didn't say whether the proposed solution worked or they were very convoluted and difficult to understand. Here is our scenario: We have 6 locations--Las Cruces (LC), Sunland Park (SP), El Paso (EP), Abilene (ABI), Fort Worth (FW), and Plano (PL). LC and ABI have software that is accessed by the other 4 locations via VPN. There are WireGuard VPNs set up between LC and those 4 locations (SP, EP, FW, PL), and ABI and those 4 locations (SP, EP, FW, PL). There is also a WireGuard VPN connection between LC and ABI. LC and ABI have 2 internet connections. SP, EP, FW, and PL each have one internet connection.

    If the primary internet connection goes down at either LC or ABI and failover occurs to the secondary internet connection, is there a way to set up the WireGuard VPN connections so that they also failover without purchasing some 3rd party application?

    Thanks.

  • 0 Votes
    7 Posts
    18k Views
    R

    @Stay:

    @Justinw:

    Even in 1.01 and prior versions I've been able to use pkg_add for nagios, nrpe, webmin, and squid.  What packages are you trying to add?  I realize that its not the same as installing from source but its still not bad.

    I need a quagga package and more software, actually not package but port.
    Actually, I need full integration whole of the FreeBSD Ports Collection.  :P

    I've done this before on my pfSense box. All you should have to do is execute the following command. This will install the ports collection from the FreeBSD mirror. Then do a pkg_add -r name

    fetch -o - "ftp://ftp1.us.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz" | tar zxf - -C /usr

  • Snort stream4 preprocessor ignores whitelist ?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Snort still running even after uninstalled (in GUI)

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    J

    I would just ssh in and go to /usr/local/etc/rc.d  look for the snort startup script and delete it.  I don't imagine it works a whole lot different than other packages…

  • Snort inilization failure

    Locked
    100
    0 Votes
    100 Posts
    56k Views
    Y

    @sdale:

    @sullrich:

    These are rule related problems.  I have no idea how to fix these, you are somewhat on your own here.

    Yea, I'm taking a look into it.

    I found the problem. It lies within my edit rule file. I will send the diff soon as I get it completed.

  • Siproxd???

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    S

    When someone fixes it.

  • Transparent mode for squid 2.5.14_2-p7.1 appears to be broken!!!!

    Locked
    11
    0 Votes
    11 Posts
    5k Views
    H

    hi

    looks like squid is working on some pc's only, i have 4 pf boxes, upgraded to 1.01, only 1 server made it with squid, the other 3 couldn't restart with squid installed,

    just to help.

    oops, spoke too soon, i just had a power failure today, and the only ps box that was running ok, didn't make it too, so none is of the 1.01 ps boxes restarting with squid installed.

  • Install new packages howto?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    J

    i will give you the first 3 things to do

    1 learn php
    2 learn xml
    3 learn freebsd 6.1 kernels compiling

  • SNORT on embeded

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    S

    Ask the Snort guys.  I really don't know.

  • Error installing Stunnel and FreeRadius (cant read tbz pkg)

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    S

    Try again.  The package was updated.

  • Antivirus status

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    S

    Nobody is working on it currently.  At this rate, years.

  • Widentd package broken - Please confirm

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    J

    Did you already enable it in the rc.d file?  Make sure the enable flag is set to YES and not NO

  • Snort Blocked tab takes an incredibly long time to load.

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S

    Deinstall and reinstall Snort.  This bug was fixed.

  • Current SNORT packages for pfsense 1.0.1

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    Y

    No, snort is not included. You have to download it after a fresh install.

    I believe most of the snort folders are left alone during an uninstall of the package. If you were to remove snort and then reinstall it at a later time, it will load up with your previous configuration as long as you didn't reformat.

  • How to install wget

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    J

    ssh into your box
    shell>pkg_add -r wget

  • Installing package like squid from the GUI

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    D

    @rdevries:

    Thanks Hola!

    ;D Sory my english. I read quikly and wrong undestanding you post  :-[

  • Spamd - Configuration help needed

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    R

    Thanks bill.

    Sorry I should have checked the man page.

    I see it forwards it directly onto the MTA once it hits the whitelist, meaning firewall rules probably need to be updated to allow Internet –> 172.16.16.7.

  • Snort error after click "Save" botton

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S

    Upgrade to 1.0.1.

  • NTOP eating my processor :-D

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    H

    darkstat stops also here

  • Quagga

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    M

    @sullrich:

    However donations/bounties are a  good way to speed up a devs interest.

    Can you -or any other interested developer- make an estimate regarding the amount of a quagga bounty.

  • More squid features

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    T

    Just updates the squid-diffs for squid_7.1

    see the links above for download… (or http://pfsense.trendchiller.com/squid/)

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.