1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    johnpozJ

    @MacUsers

    https://help.zerossl.com/hc/en-us/articles/360060119933-Certificate-Revocation

    edit: oh you prob out of luck

    You can revoke any certificate issued via the ZeroSSL portal. Currently, certificates issued via ACME can not be revoked from inside the portal - please follow the instructions of your ACME client for revoking those certificates.

    the gui in pfsense does not have the ability to revoke - you prob have to move the certs to something you have certbot installed to and revoke that way.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
    link text

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

Log in to post
Load new posts
  • F

    Pfblocker with squid/squidguard

    3
    0 Votes
    3 Posts
    2k Views
    R

    I came across this post regarding pfblocker, squid, and floating rules. https://forum.pfsense.org/index.php?topic=44479.0 It's from 2011 so not too sure if its still relevant.

  • S

    SSTP behind Squid Reverse Proxy ?

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • P

    HAVP not blocking EICAR test downloads

    2
    0 Votes
    2 Posts
    1k Views
    G

    How are you running HAVP? Is it bound to the loopback or a phyical interface and are you redirecting traffice to it?

  • M

    No pcap with Snort Emerging Threats Alerts

    4
    0 Votes
    4 Posts
    3k Views
    P

    I stand corrected … Thank You!!

    Now ... why does this not work for ET?!  ;D

  • belleraB

    Squid - Duplicate cron bug

    2
    0 Votes
    2 Posts
    1k Views
    marcellocM

    This situation happens because gui does not preserve hidden squid cron identification.

    In some situations will act like a bug but on other like a custom cron config.

  • belleraB

    Squid - rotate nightmare

    27
    0 Votes
    27 Posts
    11k Views
    belleraB

    @exograpix asked for explaining the new option about rotate cron.

    squid3-dev 3.3.10 pkg 2.2.1

    0  0  *  *  *  root  /bin/rm /var/squid/cache/swap.state; /usr/pbi/squid-amd64/sbin/squid -k rotate -f /usr/pbi/squid-amd64/etc/squid/squid.conf */15  *  *  *  *  root  /usr/local/pkg/swapstate_check.php

    squid3-dev 3.3.10 pkg 2.2.2 version default

    0  0  *  *  *  root  /usr/pbi/squid-amd64/sbin/squid -k rotate -f /usr/pbi/squid-amd64/etc/squid/squid.conf */15  *  *  *  *  root  /usr/local/pkg/swapstate_check.php

    squid3-dev 3.3.10 pkg 2.2.2 version with reseting the cache –--> Proxy server: Cache management: Clear cache on log rotate

    0  0  *  *  *  root  /usr/local/pkg/swapstate_check.php clean; /usr/pbi/squid-amd64/sbin/squid -k rotate -f /usr/pbi/squid-amd64/etc/squid/squid.conf */15  *  *  *  *  root  /usr/local/pkg/swapstate_check.php

    So, if you activate the new option you will reset your cache every night.

    At 2.2.1 cache.log file wasn't rotate because squid.conf didn't have any debug_options rotate=N (squid3 syntax) line. And rm for swap.state is not necessary, as discussed in this thread.

  • belleraB

    Squid3-dev - wrong github commit link at WebGUI

    1
    0 Votes
    1 Posts
    695 Views
    No one has replied
  • M

    Squid external_acl_type for DHCP CHECK

    1
    0 Votes
    1 Posts
    973 Views
    No one has replied
  • belleraB

    SquidGuard log rotate bug

    2
    0 Votes
    2 Posts
    2k Views
    belleraB

    I forgot to say that squid is trying also to write to /var/log/squidGuard.log

    cat /var/squid/logs/cache.log | grep /var/log/squidGuard.log 2014-04-05 11:19:04 [23381] (squidGuard): can't write to logfile /var/log/squidGuard.log

    My work around

    cd /var/log rm /var/log/squidGuard.log ln -s /var/squidGuard/log/squidGuard.log squidGuard.log

    Everything ok and no more logs from squidGuard at squid cache.log

  • M

    Snort failing to start after latest rules update

    5
    0 Votes
    5 Posts
    3k Views
    bmeeksB

    @madscientist159:

    Never mind.  It seems that if the disk usage is high enough (> 102% ?) Snort will sliently fail. :-[

    I am using NanoBSD, so I was a bit surprised by this.  I take it the Snort rules are not kept in tmpfs?
    [/quote]

    The rules are written to /usr/local/etc/snort (if on a 2.0.x machine) and to /usr/pbi/snort-arch/etc/snort on a 2.1 machine.  If there is not enough free disk space, bad things can certainly happen.

  • M

    Squid + Multi-WAN failover on 2.1 AMD64: does it work?

    6
    0 Votes
    6 Posts
    2k Views
    T

    See https://forum.pfsense.org/index.php?topic=74618.0 for a pure failover workaround.

  • J

    Squid dynamic caching url with ?

    2
    0 Votes
    2 Posts
    892 Views
    marcellocM

    this acl is created while caching windows update is selected on squid3-dev.

    # Windows Update refresh_pattern range_offset_limit -1 refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
  • P

    Can not remove or re-install package OpenVPN Client Export Utility

    5
    0 Votes
    5 Posts
    1k Views
    P

    You rock!  That did it.

    I deleted the openvpn-client-export.inc file.  It still showed up in the package manager.  But I was able to delete it normally after that point.

    I was then able to install it and my "Client Export" tab showed up as expected.

    Perfect!  Thanks again.

    -Keith

  • D

    Haproxy-devel 1.5-dev22 pkg v 0.7 on 2.1 - fatal error

    6
    0 Votes
    6 Posts
    1k Views
    D

    Thank you! It may come handy next time I build something like this from scratch.

  • BBcan177B

    Snort not Restarting after update

    4
    0 Votes
    4 Posts
    1k Views
    bmeeksB

    @BBcan17:

    Thanks Bill,

    Are there any other logs that I could look at to see where the issue could be? One of those routers is using the Open ET ruleset ("C") so its most likely not a recent rule, as the open ruleset is 30 days behind.

    Snort logs everything it logs to the system log, so if nothing is there to give a hint, you are out of luck.  Snort is not as "helpful" with logging as Suricata.  All of that is under control of the binary, so nothing can be done from the GUI package side.

    As for those rules, my understanding is the 30-day timer is actually per rule.  So some "rule X" in the set may hit 30-days old today and wind up in the ET Open collection while other rules may not.  At least that's how I believe it works on the Snort subscriber versus registered-user rules.

    Bill

  • S

    Captive portal + squid3-dev trouble

    6
    0 Votes
    6 Posts
    2k Views
    marcellocM

    You can also try to forward any dns request to a specific dns server using nat rules.

  • C

    Snort problem with installation of some rules

    10
    0 Votes
    10 Posts
    32k Views
    bmeeksB

    @coer:

    Thank you that is the answer.

    Glad I could help.. :)

    Bill

  • belleraB

    Squid3-dev netdb is looking for /var/log/squid directory

    10
    0 Votes
    10 Posts
    8k Views
    T

    Awesome Marcelloc  ;)

  • P

    Squid3 not logging access

    4
    0 Votes
    4 Posts
    3k Views
    marcellocM

    @ptbman:

    I've discovered (through netstat) that the port squid should be listening is closed. Any ideas?

    Enable ipv6 on system -> advanced.

    It's something with squid compilation on freebsd/pfsense.

  • belleraB

    [SOLVED] MultiLAN squid + proxy.pac for browsers + Chromium (doesn't work)

    5
    0 Votes
    5 Posts
    7k Views
    T

    Tip:
    https://calomel.org/proxy_auto_config.html

    isInNet(host, pattern, mask)

    isInNet(host, "192.168.249.79", "255.255.255.255")     is true if the IP address of host matches exactly 192.168.249.79. isInNet(host, "192.168.0.0", "255.255.0.0")     is true if the IP address of the host matches 192.168.*.*.

    Well it might work, but like you said you have hosts without local records…

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.