Subcategories

• Cache/Proxy

  Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.
  4k Topics

  21k Posts

  N

  Can I use pgblockerng aliases in Haproxy?

  80758505-9bad-4dad-a80b-c159be1045a2-image.png

  If it was a firewall rule, typing pfb would produce a dropdown to select.

  Here it has to be written, but will it work? Is it supported?

• IDS/IPS

  Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.
  2k Topics

  16k Posts

  B

  I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

  Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

• Traffic Monitoring

  Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.
  571 Topics

  3k Posts

  K

  @pulsartiger
  The database name is vnstat.db and its location is under /var/db/vnstat.
  With "Backup Files/Dir" we are able to do backup or also with a cron.

• pfBlockerNG

  Discussions about the pfBlockerNG package
  3k Topics

  20k Posts

  M

  @Laxarus This worked for me as well. Though I had to search the web how to edit the file (the easiest way).

  Therefore:

  Addition for anyone struggling to find where to edit files on your pfsense system.

  Go to Diagnostics --> Edit File --> insert the location of the file:

  /usr/local/pkg/pfblockerng/pfblockerng.sh

  Go to line number 1232 by filling it in the Go to line field.

  That line should read:

  s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})"

  replace only (leave the rest intact):

  masterfile

  to

  mastercat

  Then follow the above instructions from @Laxarus https://forum.netgate.com/post/1219635

• UPS Tools

  Discussions about Network UPS Tools and APCUPSD packages for pfSense
  99 Topics

  2k Posts

  K

  @elvisimprsntr thanks for your suggestion. I will give it a try.

• ACME

  Discussions about the ACME / Let’s Encrypt package for pfSense
  493 Topics

  3k Posts

  J

  @MacUsers

  https://help.zerossl.com/hc/en-us/articles/360060119933-Certificate-Revocation

  edit: oh you prob out of luck

  You can revoke any certificate issued via the ZeroSSL portal. Currently, certificates issued via ACME can not be revoked from inside the portal - please follow the instructions of your ACME client for revoking those certificates.

  the gui in pfsense does not have the ability to revoke - you prob have to move the certs to something you have certbot installed to and revoke that way.

• FRR

  Discussions about the FRR Dynamic Routing package on pfSense
  294 Topics

  1k Posts

  R

  I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

  When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

• Tailscale

  Discussions about the Tailscale package
  88 Topics

  572 Posts

  A

  We have a very basic configuration between three locations. All are running Netgate firewalls (1x 4100, 1x 6100 & 1x 4200). All are on the latest firmware (03.00.00.01-2Ct-uc-15) and system versions (24.11-RELEASE).

  The local subnets are as follows:
  4100 - 192.168.5.0/24
  4200 - 192.168.4.0/24
  6100 - 192.168.1.0/24

  The VPN traffic between the 4100 and 4200 is functioning 100% as expected

  The traffic between 6100 and the 4100 works going from the 4100 subnet (192.168.5.0/24) to the 6100 subnet (192.168.1.0/24)

  Traffic from the firewall (i.e. the 6100 device) to the 4100 subnet works (i.e. I can ping any device on the 192.168.5.0/24 subnet from the 6100 firewall) but I cannot ping any device on the 4100 (192.168.5.0/24) subnet from any device on the 6100 subnet (192.168.1.0/24) - other than from the firewall itself.

  All routes are correct, but it seems that traffic from the 192.168.1.0/24 subnet hits the firewall and then gets lost - traceroute shows that it goes off into the internet.

  Note too that the 6100 has IPsec VPN configured on it as well

  Suggestions would be appreciated

  Attached is a zipped pdf file with the relevant screenshots
  Relevant screen shots.zip

• WireGuard

  Discussions about WireGuard
  689 Topics

  4k Posts

  P

  @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

  I will try and do some packet capture to see if that reveals anything.