1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    J
    @qupfer What did I bang my head over this strange 502 issue. Your solution did it! Thank you so much, even 2.5 years later!

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    M
    Hi, I had a problem with my home network today, so I checked pfsense and discovered that suricata had blocked the wan ip. After some tests and triggering some suricata alerts, the wan ip was blocked. I restarted pfsense and ran some more tests, but the problem no longer occurred. I then checked the wan interface settings and indeed the ip list does not include the wan ip, both now that it's working and before, when it was blocked. I'm using pfsense 2.8.0 and suricata 7.0.8_2. I use PPPoE to access the Internet.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    fireodoF
    @tinfoilmatt said in Failed or invalid Mime Type: [application/SIMH-tape-data|0]: (ASN data is IPinfo, not Maxmind) Thats correct but "GeoLite2-Country" is from Maxmind ... (that confused me) I'm considering simply adding "application/SIMH-tape-data" to the list to test. Thats what i tought too ... I'll try when I have the time for it ... Edit: I can confirm - adding "application/SIMH-tape-data" to the list at line 257 in /usr/local/pkg/pfblockerng/pfblockerng.inc did the trick - no more error! Edit: OK, problem resolved but I would like to know, whats the cause for that error! (SIMH-tape-data sounds like a "blast from the past" ...) Thanks a lot!

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    496 Topics
    3k Posts
    M
    And when you are on version 25.07.1 or 25.07 and then click on the reinstall button for the ACME package. It will downgrade. :) [image: 1755753389733-125fc31e-ef4f-4342-b364-48c2b03446c5-image.png]

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    599 Posts
    S
    Upgraded to 25.07 and facing the same issue. Tried the "tailscale up" command as suggested above but restarting the tailscale service kills the login again.[image: 1755715824513-tailscale_logged_out_25_07.jpg]

  • Discussions about WireGuard

    695 Topics
    4k Posts
    GertjanG
    @rosskan In theory, when you tunnel a 'VPN1' over another 'VPN2', VPN2 will see the originating IP as the one belonging to VPN1, not your real WAN IP. So far, ok. That said, when you subscribed to VPN1 and VPN2, you probably used your ISP IPv4 ^^ You installed the VPN1 (or2) application on your crappy laptop ?, if so, 'forget about it' ^^ 'as they know', the app is at an end point, and can see 'everything'. Don't forget that you pay for your VPN subscription, but you give them more then your money. They can see and use your data connection for 'data mining'. And they will make use of that data - by selling it. Why ? Because the share holders want a good financial result. If you need to connect two (your !) networks (or sites) together, use your own VPN solution. Don't use a commercial company. For example, take the ones you got with pfSense. If you really need to use that public network (aka : the Internet) to contact public servers, you are aware that the connection is already encrypted end-to-end ? That's what https is all about. 'http' doesn't really exist anymore / shouldn't be used. Also, you need to take other steps to be safe : you really should start with removing "windows 10" out of the equitation .... @rosskan said in What information can vpn provider see when I use wireguard?: does wireguard share the mac address of the ethernet port of the crappy laptop with vpn provider #2? MAC addresses travel on a local segment. Your laptop's MAC doesn't travel any further then the first hop, this is most probably your first router (gateway) like pfSense. Packet capture your traffic to check this. The Ethernet headers are not encrypted.
Log in to post
Load new posts
  • N

    Pfsense 2.1 i386 - squid2 transparent - http (80) performance really bad

    11
    0 Votes
    11 Posts
    4k Views
    N
    My resume: watch "states" and make sure there are no unwanted trafic.
  • M

    Video streaming buffering delays

    10
    0 Votes
    10 Posts
    4k Views
    R
    thanks…  maybe I'll give HAVP another try. If anyone else has tried these settings, please, chime in with your results! Rick
  • G

    Dummies guide to custom squidguard filter page?

    4
    0 Votes
    4 Posts
    2k Views
    N
    I just put in "Access denied for webpage:" I am not good at coding so I searched the forum and found a thread where different people offered their blocked pages. Perhaps searching the forum could help you. I think ist simple php coding. My page looks something like that: http://forum.pfsense.org/index.php/topic,26057.msg207864.html#msg207864
  • P

    Dns-server (djbdns) Maintainer?

    6
    0 Votes
    6 Posts
    2k Views
    jimpJ
    djbdns focuses on security above all else, including separating privileges as much as possible. On pfSense 2.1 you could just bind the DNS Forwarder to port 5353, forward queries to internal interface IPs at localhost:5353, and let tinydns handle the authoritative DNS on 53 for external queries.
  • B

    Dansguardian banned url regex

    2
    0 Votes
    2 Posts
    905 Views
    jimpJ
    And now you know why keyword blocking is and always will be ineffective. :-)
  • A

    OpenVPN Client Export Utility - different config on 1.1.3

    5
    0 Votes
    5 Posts
    2k Views
    jimpJ
    There is a choice in the latest version to use tls-remote if you need to. If you have issues with verify-x509-name then you are not running an OpenVPN 2.3-based version. Make sure you uninstall OpenVPN and reinstall it again with the most current version. An in-place run of the client would likely skip over the actual install if it already detected OpenVPN present on the system.
  • H

    TFTP doesn't seem to work out-of-the-box on 2.1

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    It works fine for me here. I installed the package, selected LAN, clicked save, then uploaded a file using the GUI and I was able to fetch that over TFTP from another system on the network.
  • N

    Openvpn export - verify-x509-name option

    4
    0 Votes
    4 Posts
    5k Views
    N
    All OK now :) Thanks!
  • S

    PfSense 2.1 & Squid

    5
    0 Votes
    5 Posts
    2k Views
    G
    Hi netwiz, iplayer is being blocked in the 'movies' group This site has been classed as non work related. If this is an error, please contact IT.: 403 Forbidden Reason: Client address: xxx.xxx.xxx.xxx Client group: default Target group: blk_BL_movies URL: http://www.bbc.co.uk/iplayer/ If you didn't want to block all movie sites, you could always make at target category of blacklist sites and then enforce your own :) I get my blacklists from http://www.shallalist.de/ Cheers, grievsa93
  • M

    Squid Stopping Download Progress

    1
    0 Votes
    1 Posts
    750 Views
    No one has replied
  • Z

    Can't start varnish, missing cc dependency or something

    16
    0 Votes
    16 Posts
    7k Views
    marcellocM
    Thanks for the feedback, I've pushed a fix for the package and seems that only missing thing was a ln -s from gcc to cc.
  • G

    How large should my Squid 3 cache be?

    5
    0 Votes
    5 Posts
    2k Views
    B
    I see, thank you. :)
  • T

    Dansguardian unusable

    25
    0 Votes
    25 Posts
    6k Views
    T
    great, thanks for the tip, I will check that out sometime soon…
  • T

    Dansguardian clamav and other issues fix

    19
    0 Votes
    19 Posts
    4k Views
    ?
    Very bad practice!
  • ?

    Mailscanner configuration

    1
    0 Votes
    1 Posts
    798 Views
    No one has replied
  • T

    SARG and Dansguardian problem

    9
    0 Votes
    9 Posts
    3k Views
    T
    I could try to use the console, what commands would I need to run? Funny thing is if I go to the schedule and do a "force update now", no errors are produced in the log.
  • J

    Understanding squid proxy server

    1
    0 Votes
    1 Posts
    993 Views
    No one has replied
  • D

    PfBlocker Fails to start

    3
    0 Votes
    3 Posts
    1k Views
    D
    Hi All, Problem resolved. Dan.
  • C

    Log Squid in Syslog

    3
    0 Votes
    3 Posts
    5k Views
    C
    Ok, I managed to get things working.  Doing log analysis is soooo great using splunk!  I uninstalled all my packages.  I then installed Dansguardian first, then squid3.  I think the first time I had selected the "squid" package vs the "squid3' package.  I then added the following in the Custom Options section of the proxy server settings page: access_log syslog:local5.info squid Hope this helps if anyone else has this issue!
  • D

    Google TV with Squid

    1
    0 Votes
    1 Posts
    882 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.