Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ

    @aGeekhere They just release Squid 7 and it is stable if you want to check it out

    "The Squid HTTP Proxy team is very pleased to announce the availability
    of the Squid-7.1 release!

    This release is, we believe, stable enough for general production use.
    We encourage all users of any previous major version of Squid to upgrade to it,
    as well as users of beta version 7.0.X.

    It can be downloaded from GitHub, at
    https://github.com/squid-cache/squid/releases/tag/SQUID_7_1

    Since version 6, Squid offers:

    better support for overlapping IP ranges and wildcard domains in acl countless security, portability, and documentation fixes

    Since version 6, some previously deprecated features have been removed:

    Edge Side Includes (ESI) access to the cache manager using the cache_object:// scheme - use
    http instead the squdclient tool - use curl
    http://<squid-address>/squid-internal-mgr/menu instead the cachemgr.cgi tool the purge tool - use the http PURGE method instead Ident protocol support basic_smb_lm_auth and ntlm_smb_lm_auth helpers - use Samba's
    ntlm_auth instead

    Further details can be found in the release notes and in the changelog

    Please remember to run "squid -k parse" when testing the upgrade to a new
    version of Squid. It will audit your configuration files and report
    any identifiable issues the new release will have in your installation
    before you "press go".

    If you encounter any issues with this release please file a bug report at
    https://bugs.squid-cache.org/

    --
    Francesco Chemolli

    squid-users mailing list
    squid-users@lists.squid-cache.org
    https://lists.squid-cache.org/listinfo/squid-users"

    I am having issues with this right now

    "I got as far as this with the make clean install no matter what I do I can’t get this package installed. I have tried pkg install heimdal same error after install and pkg install krb5 and pkg install krb5-devel. I don’t know what I am doing wrong it does the make clean for a while and crashes for the bootstrap version the other one I could get going

    ERROR: checking whether S5L_CTX_sess_set_get_cb() callback accepts a const ID argument" ... yes checking "whether X509_get0_signature() accepts const parameters" ... yes checking whether the TXT_DB use OPENSSL_PSTRING data member... yes checking whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_V alue should used... no checking whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used ... yes configure: OpenSSL library support: yes -lcrypto -lss1 configure "Library -Kit-kros" support: no (auto) /configure: LIBHEIMDAL_KRB5_PATH+=-L/usr/lib: not found /configure: LIBHEIMDAL_KRB5_CFLAGS+=-1/usr/include: not found checking for LIBHEIMDAL_KRB5... no configure: error: Required library 'heimdal-krb5' not found ニニニン Script "configure" failed unexpectedly. Please report the problem to timp87@gmail.com maintainerl and attach the '/usr/ports/uuu/squid/uork/squid-7.1/config.log" including the output of the failure of your make command. Also, it might be a good idea to provide an overview of all packages installed on your system te.g. a /usr/local/sbin/pkg-static into -g -tal. *** Error code 1 Stop. makel1]: stopped in /usr/ports/www/squid *** Error code 1 Stop. make: stopped in /usr/ports/www/squid root@free:/usr/ports/www/squid #"

    it gets so far along and fails with this error.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    M

    @Laxarus This worked for me as well. Though I had to search the web how to edit the file (the easiest way).

    Therefore:

    Addition for anyone struggling to find where to edit files on your pfsense system.

    Go to Diagnostics --> Edit File --> insert the location of the file:

    /usr/local/pkg/pfblockerng/pfblockerng.sh

    Go to line number 1232 by filling it in the Go to line field.

    That line should read:

    s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})"

    replace only (leave the rest intact):

    masterfile

    to

    mastercat

    Then follow the above instructions from @Laxarus https://forum.netgate.com/post/1219635

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    johnpozJ

    @MacUsers

    https://help.zerossl.com/hc/en-us/articles/360060119933-Certificate-Revocation

    edit: oh you prob out of luck

    You can revoke any certificate issued via the ZeroSSL portal. Currently, certificates issued via ACME can not be revoked from inside the portal - please follow the instructions of your ACME client for revoking those certificates.

    the gui in pfsense does not have the ability to revoke - you prob have to move the certs to something you have certbot installed to and revoke that way.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    88 Topics
    572 Posts
    A

    We have a very basic configuration between three locations. All are running Netgate firewalls (1x 4100, 1x 6100 & 1x 4200). All are on the latest firmware (03.00.00.01-2Ct-uc-15) and system versions (24.11-RELEASE).

    The local subnets are as follows:
    4100 - 192.168.5.0/24
    4200 - 192.168.4.0/24
    6100 - 192.168.1.0/24

    The VPN traffic between the 4100 and 4200 is functioning 100% as expected

    The traffic between 6100 and the 4100 works going from the 4100 subnet (192.168.5.0/24) to the 6100 subnet (192.168.1.0/24)

    Traffic from the firewall (i.e. the 6100 device) to the 4100 subnet works (i.e. I can ping any device on the 192.168.5.0/24 subnet from the 6100 firewall) but I cannot ping any device on the 4100 (192.168.5.0/24) subnet from any device on the 6100 subnet (192.168.1.0/24) - other than from the firewall itself.

    All routes are correct, but it seems that traffic from the 192.168.1.0/24 subnet hits the firewall and then gets lost - traceroute shows that it goes off into the internet.

    Note too that the 6100 has IPsec VPN configured on it as well

    Suggestions would be appreciated

    Attached is a zipped pdf file with the relevant screenshots
    Relevant screen shots.zip

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Yes, have followed that guide and infact have set up quite a few Wireguard tunnels before with no issue. The difference this time is the CGNAT. I am pretty sure its some quirk of the CGNAT that is causing this but still unsure how to diagnose.

    My firewall settings on the tunnel interfaces are correct I think and are the same as I normally use, there is no blockage there.

  • System Patches Package v2.2.20_1 / v2.2.11_17

    Pinned
    12
    12 Votes
    12 Posts
    3k Views
    S

    There are new system patches available (2.2.21), maybe I miss the announcement here...
    https://github.com/pfsense/FreeBSD-ports/commit/8ffb307ed8845ebeeba2d00f258fd51256d0e756

    Yes I do...
    https://forum.netgate.com/post/1214795

  • DNS Broken for pkg.pfsense.org

    Pinned Locked
    3
    0 Votes
    3 Posts
    13k Views
    jimpJ

    https://forum.netgate.com/topic/115789/pkg-pfsense-org-appears-to-be-dead/2

  • Packages wishlist?

    Pinned
    661
    0 Votes
    661 Posts
    2m Views
    O

    PRTG

  • 0 Votes
    5 Posts
    79 Views
    bmeeksB

    @aaronouthier said in Looking for few pointers getting Suricata on PFSense to talk to my Security Onion box.:

    Ok, so I've been researching the topic. It seems SO has an integration for PFSense. However, the FreeBSD implementation of Syslog is not optimal for this purpose, as mentioned above.

    Although I am comfortable with CLI Linux, I am effectively a Newbie with regard to BSDs.

    My next question is: What would be the least invasive method as far as the PFSense Box to export just the Suricata logs? I believe I saw an option to log to a Unix Socket. Would that be helpful coupled with something like Netcat? I'm not necessarily looking for help with such a feat, just wondering if such would likely be fruitful, or am I just chasing the infamous wild goose?

    I recommend exporting the EVE JSON log as that will be the most comprehensive. To export to a UNIX socket, change the EVE OUTPUT TYPE setting to UNIX socket. You will need to manually create the socket and give it a name. It will be up to you then to "receive" the socket data stream and redirect it elsewhere (seems you want it remote for your case to Security Onion).

  • Introduce openvpn-auth-oauth2 as pfSense package

    2
    0 Votes
    2 Posts
    55 Views
    A

    @cdal

    This could be a great security improvement ... It's the only way to do MFA with "LDAP/AD" backend for exemple (using oauth 2 proxy for exemple)

  • How to update to the latest Telegraf version

    9
    0 Votes
    9 Posts
    1k Views
    R

    @rocket

    Updated July 20-2025

    pfsense 24.11 - Telegraf freebsd-15

    pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/telegraf-1.35.1.pkg

    pfsense 2.7.2 - Telegraf freebsd-14

    pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/telegraf-1.35.1_1.pkg

    https://www.freshports.org/net-mgmt/telegraf/#history

  • Updated PIMD package (beta)

    1
    0 Votes
    1 Posts
    52 Views
    No one has replied
  • pfSense-pkg-WireGuard removal failed!

    1
    0 Votes
    1 Posts
    30 Views
    No one has replied
  • 0 Votes
    1 Posts
    28 Views
    No one has replied
  • New widget for the official speedtest.net cli version.

    6
    4 Votes
    6 Posts
    938 Views
    A

    @ameinild Yes, I just confirmed at home that it is still working. I had some icon error right after install, but this seems to be fixed now. 👍

  • crowdsec

    30
    0 Votes
    30 Posts
    1k Views
    dennypageD

    @Zermus said in crowdsec:

    It's a shame Elastic took their stuff in house and ELK stacks are no longer free. Tom Lawrence's (https://www.youtube.com/@LAWRENCESYSTEMS) videos convinced me that I should go over to Graylog Open on my personal stuff when that happened and I'm happy with it.

    I always viewed ELK as overly complicated. Graylog is much more manageable, although the console isn't as nice. Work in progress.

  • Installing sudo or nano issues?

    13
    0 Votes
    13 Posts
    402 Views
    w0wW

    @MrWhatZitTooya666 said in Installing sudo or nano issues?:

    "pkg+https://pkg.pfsense.org/pfSense_v2_8_0_amd64-core",
    "pkg+https://pkg.pfsense.org/pfSense_v2_8_0_amd64-pfSense_v2_8_0",

    looks good.

    Try Forced pkg Reinstall

    https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html

    To forcefully reinstall all packages, take the following steps:

    Make a backup Clean the repository and forcefully reinstall pkg, repo data, and the upgrade script: pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade Force a reinstall of everything: pkg-static upgrade -f

    Review the list of changes and enter y to proceed

    Manually reboot the firewall

  • Main pfsense package is removed

    1
    0 Votes
    1 Posts
    76 Views
    No one has replied
  • Telegraf and Grafana Dashboards

    5
    4 Votes
    5 Posts
    2k Views
    Sergei_ShablovskyS

    Recently (May-Jun 2025) Grafana received a HUGE update (even possible to saying “reworked from scratch” because some fundamental changes made): from more closely integration with GitLab CVS and making the database abstraction layer to tabs, custom and dynamic dashboards and interactive elements.
    After some time of stagnation, “new Grafana” start to receive a real most asked and usable updates. Just look at this!

    With this new updates Your Grafana’s dashboard for pfSense receive a REALLY USEFUL FORM !

    P.S.
    And personally I need to note that pfSense Dashboard lost their actuality because in Grafana You may receive more usable, dive-in-detailed, much more detailed and granulated, interactive view and (in some cases, more important than view) strongly secured user authentication scheme.

  • 0 Votes
    31 Posts
    2k Views
    johnpozJ

    @dennypage nice! I think the running 3 instances and filtering vlans on 0 (untagged traffic) would eliminate any sort of bogon because the source IP range is different than the actual network being seen on.

  • Telegraf on PFsense Error

    13
    0 Votes
    13 Posts
    586 Views
    P

    @gm2005fl that's great news, and very useful information for those of us (i.e me!) not realising there are different versions InfluxDB :)

  • HA proxy with ssl

    4
    0 Votes
    4 Posts
    236 Views
    R

    @Gertjan said in HA proxy with ssl:

    not mail.contose.com.

    @Gertjan I have 2 isp and mail.contose points to those ip addresses and MX. I am using a linux mail server. I have a DV cert installed on each server. for my web server I have added the following:

    f12dc686-bf5e-4470-893e-fe8317269460-image.png

    6940d697-2a2b-4945-b93b-535c91cf9676-image.png

    and the default backend for that rule is httpswww-copy

  • 0 Votes
    7 Posts
    1k Views
    fireodoF

    @jimp

    Hi,

    as far as I know the lcd driver (LCDd) is connected to the display via USB/Serial/Parallel but the lcdproc process is connected to the driver in this way:

    Bind=127.0.0.1 Port=13666

    Extract from pfctl -ss:

    lo0 tcp 127.0.0.1:20639 -> 127.0.0.1:13666 ESTABLISHED:ESTABLISHED lo0 tcp 127.0.0.1:13666 <- 127.0.0.1:20639 ESTABLISHED:ESTABLISHED

    So there could be a possibility to loose connection when states get killed ... IMHO (If I'm wrong please correct)

    EDIT: I cleared all states and this made the lcdproc also to loose connection flooding the syslog. After restarting lcdproc all fine again.

    Regards,
    fireodo

  • Install OpenRTSP on pfSense

    4
    0 Votes
    4 Posts
    327 Views
    johnpozJ

    @heavymetalforever78 pfsense can for sure run on 1gb of ram - and other VMs could run on far less.. I have both a 2.8 vm and a 24.03 vm running on my nas, they only get 1GB each, etc.

    Don't try running some type 2 VM, run something like esxi or proxmox or something on the hardware..

    To be honest if your goal is a NVR - get an actual NVR.. They use very little power, and are not all that expensive. I see some on amazon for like 60 bucks.. You would have to add some HDD.. but how much can a 2 or 4TB disk cost these days?

    Trying to use your "firewall" as your everything box is never a good idea.

  • TFTP Server WAN Interface

    1
    0 Votes
    1 Posts
    142 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.