Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    A

    i am using pfsense 2.8.0 with haproxy 0.63_10 and i have 4 sites that redirect to two different web server, i am using two frontend, one for http request redirect to https using rule: scheme https, and a second with type ssl/https(tcp mode) to redirect the request with the acl and the action, now i want to add a new site to one of the web servers i create a new backend (and even tried duplicate) and add the proper acl and action as always did but for some reason since the update to 2.8.0 the redirect keeps going to the wrong backend, i tried a test and rewrote and old backend and updated the acl and rule in the frontend and it works fine, is there a known bug since the update because it keeps happening even after reboot to pfsense and the haproxy service and reinstall of the package.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC

    @bmeeks So after upgrading to the newest PfSense 2.8.0 everything is now working like a charm!

    Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

    I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

    I assume this is because the FreeBSD version is also updated with the new PfSense 2.8.0 version?

    Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    M

    I resolved this by accepting the T+Cs via

    https://www.maxmind.com/en/accounts/1205389/geolite2/eula

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD

    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade:

    Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working.

    Glad you have it sorted.

    There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting.
    ...
    Question: What would tell me whether or not a driver was loaded?

    If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver).

    Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name).

    You can see the quirk with the following command:

    [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root:

    Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver.

    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade:

    You might consider adding this resolution to the release notes for 2.8.

    LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version ?
    The instructions are shown here :

    1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

    A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    576 Posts
    TommyMooT

    @elvisimprsntr Thanks, just updated, works fine! 👍 😊

  • Discussions about WireGuard

    690 Topics
    4k Posts
    J

    I've read through some other posts about this, but they either didn't say whether the proposed solution worked or they were very convoluted and difficult to understand. Here is our scenario: We have 6 locations--Las Cruces (LC), Sunland Park (SP), El Paso (EP), Abilene (ABI), Fort Worth (FW), and Plano (PL). LC and ABI have software that is accessed by the other 4 locations via VPN. There are WireGuard VPNs set up between LC and those 4 locations (SP, EP, FW, PL), and ABI and those 4 locations (SP, EP, FW, PL). There is also a WireGuard VPN connection between LC and ABI. LC and ABI have 2 internet connections. SP, EP, FW, and PL each have one internet connection.

    If the primary internet connection goes down at either LC or ABI and failover occurs to the secondary internet connection, is there a way to set up the WireGuard VPN connections so that they also failover without purchasing some 3rd party application?

    Thanks.

  • Unable to communicate to the pfsense package server

    4
    0 Votes
    4 Posts
    2k Views
    B

    Did you have it set to GW on your LAN? Or Like was your interface setup?

  • Tftp not working (clean install of pfsense)

    2
    0 Votes
    2 Posts
    1k Views
    D

    After further review of older threads I noticed that tftpd was listening on 127.0.0.1  I added an internal UDP portforward to 69 and everything works now.

  • Unable to Use Dansguard

    2
    0 Votes
    2 Posts
    1k Views
    R

    Test this in a logical, step-by-step fashion so that you can tell what is broken before adding the redirect rule…

    1.) Validate that Squid and Dans are both running... If so...
    2.) Try connecting the browser (via explicit proxy settings) to squid and make sure you can get out... If so...
    3.) Try connecting the browser (via explicit proxy settings) to dans and make sure you can get out... If so...
    4.) Add the redirect rule and delete your browser proxy settings.

  • Possible Squid Issue with Streaming

    4
    0 Votes
    4 Posts
    1k Views
    C

    So, I disabled HAVP and everything works perfectly. I had to reboot the pfSense system after I did because I was getting bandwidth errors. Is there a way that I can just install a virus scanner on the box? I'm using Squid 2.7.9 pkg v.4.3.3

  • Unbound and android 4.1

    18
    0 Votes
    18 Posts
    4k Views
    B

    @doktornotor:

    @bryan.paradis:

    https://redmine.pfsense.org/projects/pfsense/repository/revisions/9399370b367df7b73b84d605f4f44599c93b0bbe/diff

    https://redmine.pfsense.org/issues/3015

    That fix clearly did not work (presumably due to the fact is is failing to check anything but the first and second DNS entries in System - General Setup.)

    It is related to the same problem but it is a fix for DNS zones. I have updated your bug report with the related information.

  • Unbound package - enable forwarding still no-op

    18
    0 Votes
    18 Posts
    3k Views
    D

    Thanks a lot for quick fix!

  • Squid User's speed is very low!!!!

    1
    0 Votes
    1 Posts
    639 Views
    No one has replied
  • How to make sites exempt from HAVP?

    1
    0 Votes
    1 Posts
    681 Views
    No one has replied
  • PfBlocker whitelist?

    4
    0 Votes
    4 Posts
    5k Views
    BBcan177B

    @digdug3:

    This works, but then you also have to open all the ports you have configured to this whitelist.
    If the IP was not blocked at all it would behave "normally" to the next rules.

    Hi digdug3,

    The order of the rules in the Firewall tab are important.

    Block first and than Pass next.

    If you are having a specific issue, post the issue and maybe someone might be able to help.

  • Squid Pfsense 2.1 and multi wan

    2
    0 Votes
    2 Posts
    1k Views
    B

    Just a friendly reply.

    I do not have the same configuration. I have one WAN and two OPTs hoping to get a reverse proxy working.

    It's not working, but there may be an additional contributing factor that I don't know what I'm doing and the instructions are severely lacking.

  • Unable to install vnstat2

    26
    0 Votes
    26 Posts
    6k Views
    N

    very well thank you!!! :)

  • Can't Access NTOP

    4
    0 Votes
    4 Posts
    2k Views
    R

    You are welcome :)

  • Pfsense, alias and subdomains needed

    6
    0 Votes
    6 Posts
    7k Views
    P

    according to the proxy config, you can use a man-in-the-middle approach. It requires that you setup a WPAD/PAC in DNS or DHCP. This is new to me, but reading up on it looks promising. I am using my proxy only as a way to control site my girls should not be seeing. They can get to https sites though. This might be a way to circumvent that limitation.
    Please post if you have any success, if you use it.

  • Squid+squidGuard: web pages are timing out, they load after refreshing

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Dansguardian installation problem - amd64

    3
    0 Votes
    3 Posts
    887 Views
    J

    Hi Guys i had the same problem installing dansGuardian yesterday too….

    there was a typo in the dansguardian.inc file when first installing
    at line
    1201  ----->    @unlink($script))

    should read
                  @unlink($script);

    it has been fixed today.....

  • Snort whitelist by command line

    12
    0 Votes
    12 Posts
    4k Views
    bmeeksB

    @jandohrmann:

    Hi Bill,

    Brilliant solution - thank you!

    Best Regard
    Jan

    By the way, I plan to add this new IP Reputation Preprocessor option to the next Snort update (should be in the 2.9.6.0 package when it comes out in about a month).

    Bill

  • Snort 2.9.5.5 pkg v3.0.1 Update – Minor bug fixes

    65
    0 Votes
    65 Posts
    19k Views
    bmeeksB

    @fragged:

    @BBcan17:

    @fragged:

    Bills pull request has still not been accepted. The change you saw was this: https://github.com/pfsense/pfsense-packages/commit/048bb82a0e2c814da90816657ecedf59fedf8dbd

    Thanks for the update fragged. I thought that security issue on the Web GUI was fixed in the previous release?

    It still shows as 3.0.2 after this update.

    I'm not an expert with html/php, but it seems like this is a better fix for the same issue that was already fixed by Ermal before.

    Yes, this latest fix is an improvement over the first one.  Some more changes similar to this will be coming in the next Snort update to further harden the GUI code a bit.  It contains a lot of quite old HTML/PHP stuff that I had just left alone since it worked.  However, in today's more security conscious environment, some hardening is needed.

    Bill

  • Squid 3.3.10 with SSL Filtering some web page are broken

    1
    0 Votes
    1 Posts
    688 Views
    No one has replied
  • Possible BUG in Snort custom.rules

    4
    0 Votes
    4 Posts
    1k Views
    BBcan177B

    @bmeeks:

    I submitted the fix for this problem in the current Snort 2.9.5.6 pkg v3.0.4 Pull Request that is posted on GitHub now.  So as soon as the Core Team guys review and approve the request, this fix will be posted.  Here is the link to the request:  https://github.com/pfsense/pfsense-packages/pull/582

    Bill

    Thanks Bill. I guess there is the changelog.

    Unfortunately after this upgrade, I dont see any of these changes. There are no new icons in the Alerts Tab, Clicking on a remove Block still brings it to the Lan interface. The Rules tab is not updated.

    Maybe this is still the previous release? Let me know if you want me to test anything.

    Thanks.

  • SNORT - Unusual ping detected

    3
    0 Votes
    3 Posts
    3k Views
    C

    Thanks a lot Bill..!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.