Subcategories

• Cache/Proxy

  Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.
  4k Topics

  21k Posts

  N

  Can I use pgblockerng aliases in Haproxy?

  80758505-9bad-4dad-a80b-c159be1045a2-image.png

  If it was a firewall rule, typing pfb would produce a dropdown to select.

  Here it has to be written, but will it work? Is it supported?

• IDS/IPS

  Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.
  2k Topics

  16k Posts

  B

  I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

  Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

• Traffic Monitoring

  Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.
  571 Topics

  3k Posts

  K

  @pulsartiger
  The database name is vnstat.db and its location is under /var/db/vnstat.
  With "Backup Files/Dir" we are able to do backup or also with a cron.

• pfBlockerNG

  Discussions about the pfBlockerNG package
  3k Topics

  20k Posts

  G

  @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

  Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

  You've found a reason to use a VPN.

• UPS Tools

  Discussions about Network UPS Tools and APCUPSD packages for pfSense
  99 Topics

  2k Posts

  K

  @elvisimprsntr thanks for your suggestion. I will give it a try.

• ACME

  Discussions about the ACME / Let’s Encrypt package for pfSense
  493 Topics

  3k Posts

  J

  @MacUsers

  https://help.zerossl.com/hc/en-us/articles/360060119933-Certificate-Revocation

  edit: oh you prob out of luck

  You can revoke any certificate issued via the ZeroSSL portal. Currently, certificates issued via ACME can not be revoked from inside the portal - please follow the instructions of your ACME client for revoking those certificates.

  the gui in pfsense does not have the ability to revoke - you prob have to move the certs to something you have certbot installed to and revoke that way.

• FRR

  Discussions about the FRR Dynamic Routing package on pfSense
  294 Topics

  1k Posts

  R

  I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

  When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

• Tailscale

  Discussions about the Tailscale package
  89 Topics

  574 Posts

  A

  Hello,
  I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
  link text

  This state persists even after performing the following troubleshooting steps:

  Rebooting the pfSense router.

  Completely uninstalling and reinstalling the Tailscale package multiple times.

  Clearing browser cache and using a private browser window.

  Toggling the main "Enable Tailscale" checkbox in the settings.

  Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

  Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

  It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

• WireGuard

  Discussions about WireGuard
  689 Topics

  4k Posts

  P

  @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

  I will try and do some packet capture to see if that reveals anything.