Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ

    @aGeekhere They just release Squid 7 and it is stable if you want to check it out

    "The Squid HTTP Proxy team is very pleased to announce the availability
    of the Squid-7.1 release!

    This release is, we believe, stable enough for general production use.
    We encourage all users of any previous major version of Squid to upgrade to it,
    as well as users of beta version 7.0.X.

    It can be downloaded from GitHub, at
    https://github.com/squid-cache/squid/releases/tag/SQUID_7_1

    Since version 6, Squid offers:

    better support for overlapping IP ranges and wildcard domains in acl countless security, portability, and documentation fixes

    Since version 6, some previously deprecated features have been removed:

    Edge Side Includes (ESI) access to the cache manager using the cache_object:// scheme - use
    http instead the squdclient tool - use curl
    http://<squid-address>/squid-internal-mgr/menu instead the cachemgr.cgi tool the purge tool - use the http PURGE method instead Ident protocol support basic_smb_lm_auth and ntlm_smb_lm_auth helpers - use Samba's
    ntlm_auth instead

    Further details can be found in the release notes and in the changelog

    Please remember to run "squid -k parse" when testing the upgrade to a new
    version of Squid. It will audit your configuration files and report
    any identifiable issues the new release will have in your installation
    before you "press go".

    If you encounter any issues with this release please file a bug report at
    https://bugs.squid-cache.org/

    --
    Francesco Chemolli

    squid-users mailing list
    squid-users@lists.squid-cache.org
    https://lists.squid-cache.org/listinfo/squid-users"

    I am having issues with this right now

    "I got as far as this with the make clean install no matter what I do I can’t get this package installed. I have tried pkg install heimdal same error after install and pkg install krb5 and pkg install krb5-devel. I don’t know what I am doing wrong it does the make clean for a while and crashes for the bootstrap version the other one I could get going

    ERROR: checking whether S5L_CTX_sess_set_get_cb() callback accepts a const ID argument" ... yes checking "whether X509_get0_signature() accepts const parameters" ... yes checking whether the TXT_DB use OPENSSL_PSTRING data member... yes checking whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_V alue should used... no checking whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used ... yes configure: OpenSSL library support: yes -lcrypto -lss1 configure "Library -Kit-kros" support: no (auto) /configure: LIBHEIMDAL_KRB5_PATH+=-L/usr/lib: not found /configure: LIBHEIMDAL_KRB5_CFLAGS+=-1/usr/include: not found checking for LIBHEIMDAL_KRB5... no configure: error: Required library 'heimdal-krb5' not found ニニニン Script "configure" failed unexpectedly. Please report the problem to timp87@gmail.com maintainerl and attach the '/usr/ports/uuu/squid/uork/squid-7.1/config.log" including the output of the failure of your make command. Also, it might be a good idea to provide an overview of all packages installed on your system te.g. a /usr/local/sbin/pkg-static into -g -tal. *** Error code 1 Stop. makel1]: stopped in /usr/ports/www/squid *** Error code 1 Stop. make: stopped in /usr/ports/www/squid root@free:/usr/ports/www/squid #"

    it gets so far along and fails with this error.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    M

    @Laxarus This worked for me as well. Though I had to search the web how to edit the file (the easiest way).

    Therefore:

    Addition for anyone struggling to find where to edit files on your pfsense system.

    Go to Diagnostics --> Edit File --> insert the location of the file:

    /usr/local/pkg/pfblockerng/pfblockerng.sh

    Go to line number 1232 by filling it in the Go to line field.

    That line should read:

    s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})"

    replace only (leave the rest intact):

    masterfile

    to

    mastercat

    Then follow the above instructions from @Laxarus https://forum.netgate.com/post/1219635

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    johnpozJ

    @MacUsers

    https://help.zerossl.com/hc/en-us/articles/360060119933-Certificate-Revocation

    edit: oh you prob out of luck

    You can revoke any certificate issued via the ZeroSSL portal. Currently, certificates issued via ACME can not be revoked from inside the portal - please follow the instructions of your ACME client for revoking those certificates.

    the gui in pfsense does not have the ability to revoke - you prob have to move the certs to something you have certbot installed to and revoke that way.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    88 Topics
    572 Posts
    A

    We have a very basic configuration between three locations. All are running Netgate firewalls (1x 4100, 1x 6100 & 1x 4200). All are on the latest firmware (03.00.00.01-2Ct-uc-15) and system versions (24.11-RELEASE).

    The local subnets are as follows:
    4100 - 192.168.5.0/24
    4200 - 192.168.4.0/24
    6100 - 192.168.1.0/24

    The VPN traffic between the 4100 and 4200 is functioning 100% as expected

    The traffic between 6100 and the 4100 works going from the 4100 subnet (192.168.5.0/24) to the 6100 subnet (192.168.1.0/24)

    Traffic from the firewall (i.e. the 6100 device) to the 4100 subnet works (i.e. I can ping any device on the 192.168.5.0/24 subnet from the 6100 firewall) but I cannot ping any device on the 4100 (192.168.5.0/24) subnet from any device on the 6100 subnet (192.168.1.0/24) - other than from the firewall itself.

    All routes are correct, but it seems that traffic from the 192.168.1.0/24 subnet hits the firewall and then gets lost - traceroute shows that it goes off into the internet.

    Note too that the 6100 has IPsec VPN configured on it as well

    Suggestions would be appreciated

    Attached is a zipped pdf file with the relevant screenshots
    Relevant screen shots.zip

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Yes, have followed that guide and infact have set up quite a few Wireguard tunnels before with no issue. The difference this time is the CGNAT. I am pretty sure its some quirk of the CGNAT that is causing this but still unsure how to diagnose.

    My firewall settings on the tunnel interfaces are correct I think and are the same as I normally use, there is no blockage there.

  • FreeRadius Package Goal?

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    S

    No.  I have gone over many times why dummynet shaping will not work with pf.  Please search the forum.

    Hint: its a freebsd bug.

  • Package manager xmlrpc dead

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    J

    That's some odd problem with having virtual/isp-routed set up in pfsense. I was able to ping pfsense via the web-gui PING only when choosing LAN interface. I didn't receive response when pinging via WAN interface (!?). As I've generally had hard times with setting up multiple ip's, I'll be looking into it if it's expected behaviour or some quirk.

  • Snort on 2 interfaces

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    T

    http://forum.pfsense.org/index.php/topic,2546.msg14951.html#msg14951

    but as far as i know snort runs on a single interface only until now… scott is working on this...

  • Squid on 2 interfaces

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    T

    mostly happens when your cfg is not complete or any mandatory options are not set…

    please check your gui for all necessary options and then hit save, start manually and after a reboot it should work...

    after a fresh install of the packages you have to hit save to create the cfg's... because of your snort-problem, too it sounds like it have should work then...

    Install pfSense
    Install Packages
    Configure Packages and hit save
    reboot pfsense
    -> should work... ?

  • RIP

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    B

    Re-enabled, I couldn't find any breakage.

    –Bill

  • Squid transparent proxy [on two interfaces]

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    T

    It works after adding a rule from WLAN to Interface Adress TCP port 3128  ;D

    shame on me…

  • Squid forgets it's configuration after reboot

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Squid and squid_auth_radius

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S

    Last I heard that portion is not finished.

  • SNORT Rules not working

    Locked
    9
    0 Votes
    9 Posts
    9k Views
    S

    No, sorry, nothing as of yet.

  • Snort configuration

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    Y

    awesome, thanks for the link!

  • Spam getting through despite FW rules/snort

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Squid -DNS Server Processes are busy

    Locked
    9
    0 Votes
    9 Posts
    8k Views
    H

    i think i have too many users browsing the websites. it seems a lot of http connections.

  • Openntpd ignoring set interface (solved)

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    S

    thank you, impressing support!!

  • Package list in gui

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S

    All maintainer questions should be posted here.  We are about to remove our email addresses due to targeted personal questions.

    We just dont have the time for this kind of one on one support.

  • Snort error - "unable to open alerfile - exit"

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    S

    Okay, that is the problem.  Only monitor one LAN for the moment, that is a bug I need to fix.

  • Nmap package problem

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Squid and autenticated networks

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Squid install - error @ bottom of page

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S

    Thanks for the report.  This is mostly due to squid not being configured as of yet.  However it needs to be fixed.  I'll fix it soon.

  • Traffic accounting

    Locked
    20
    0 Votes
    20 Posts
    21k Views
    M

    does it really hard to implement a package for PFsense that would gather and count users trafic statistics and block them or rule-based basis? i remember, somewhere on this site i have read something like "pfsense is for those, who dont need to know how it works, but understand what is he/she wants"

  • Squid package feature request

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    G

    Squid package requests :

    Support for URL RegExp ACLs, so that we can block dangerous file extensions and such.

    Support for any type of ACL's? maybe just have a 'add an acl' dialog =) Filtering mime types would be nice, but only very recent versions of squid offer this … this is a must in cases like JPEG vulnerabilities or massive worm outbreaks

    Squid log analysis/tracking package. Web usage by IP address (bandwidth/hits/history?) This may seem to be a big bigbrotherly to some, but there is definately a demand for tighter control in corporate environments.

    If none of them possible at the moment, what about a 'squid configuration editor' tool that would just open the 'text' version of the configuration? I would find this more confortable than having to hardcore rules in the config.xml file.

    Just ideas ...

    Thanks for the great work -

    -G

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.