Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC

    @bmeeks So after upgrading to the newest PfSense 2.8.0 everything is now working like a charm!

    Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

    I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

    I assume this is because the FreeBSD version is also updated with the new PfSense 2.8.0 version?

    Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version ?
    The instructions are shown here :

    1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

    A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
    link text

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

  • Snort 2.9.7.0 – Preview of new OpenAppID feature

    27
    1 Votes
    27 Posts
    18k Views
    bmeeksB

    @Supermule:

    But it should be so easy if PfSense had Layer 7 inspection built in??

    ISA Server had it and it worked like a charm.

    Tell it to block facebook and it did…Like Snort is doing now, but somehow much more elegant if you know what I mean.

    I would expect some collections of common app rules to start appearing as this feature becomes more widespread.  Sourcefire (Cisco) just open-sourced this technology in Snort 2.9.7.0.  That's why info is currently scarce.

    Today it is a little awkward to use because you must write your own rules.

    OpenAppID uses Lua scripts for the app detection coding.  It might could be adapted into the pf L7 filter one day, but I'm not sure.

    Bill

  • Lightsquid package?

    3
    0 Votes
    3 Posts
    918 Views
    K

    @marcelloc:

    Did you tried sarg?

    No, I haven't, but that's exactly what I'm looking for.  Thanks!

    Which Squid packages are compatible?

  • [Solved] Google http Problem

    2
    0 Votes
    2 Posts
    798 Views
    T

    Got it

    Problem was sthat some computer had the name www.google.ch  :P Changed settings of the DNS resolver –> Unchecked "Register DHCP leases in DNS forwarder" and "Register DHCP static mappings in DNS forwarder"

    cheers Thafener

  • Installation of squidGuard-squid3 FAILED!

    2
    0 Votes
    2 Posts
    1k Views
    KOMK

    System - Advanced - Miscellaneous - Package settings - Package signature - Do NOT check package signature

  • Squid TCP_MISS 100% of the time

    8
    0 Votes
    8 Posts
    3k Views
    H

    same on me.. TCP_MISS always.. :(

    squid3.jpg
    squid3.jpg_thumb

  • HAVP and sky on demand proxy servers

    1
    0 Votes
    1 Posts
    678 Views
    No one has replied
  • How do sent squid3-dev log to system log or syslog?

    1
    0 Votes
    1 Posts
    472 Views
    No one has replied
  • Block Youtube http and https

    7
    0 Votes
    7 Posts
    1k Views
    A

    Dear it is not blocking https.

    let me know any other method.

  • BIND Legacy name server ID

    3
    0 Votes
    3 Posts
    922 Views
    G

    Even better, can do the following to disable BIND Legacy name server ID all together.

    hostname none;

  • Preview of two new feautures in upcoming Suricata 2.0.4 pkg v2.1 update

    4
    0 Votes
    4 Posts
    5k Views
    marcellocM

    @charliem:

    And then change ntopng, suricata, and bind

    and pfblocker, varnish , pfsense, ….  ;D

  • Email reports - receiving empty email report

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ

    Use the full path to commands. The report doesn't use the search path. So those should be running /usr/local/sbin/smartctl

  • Unbound causing problem

    2
    0 Votes
    2 Posts
    588 Views
    jimpJ

    Is this with the package on 2.1.x, or on 2.2? If it's on 2.2, try posting on the 2.2 board and not the package board.

  • Snort 3.0

    5
    0 Votes
    5 Posts
    2k Views
    bmeeksB

    Yes, I will keep tabs on Snort 3.0.  Hopefully it will make it into pfSense.  The only reason I say "hopefully" is to hedge things in case there is some fundamental kernel level incompatibility or something (not likely, but not impossible).

    It looks like it will be a while since it is in an early ALPHA stage.  Multithreading Snort with a more "automatic" configuration sounds quite interesting!

    Bill

  • Squid 3 Not caching.

    4
    0 Votes
    4 Posts
    1k Views
    M

    I am totally lost now. I am not sure why is it not caching anything. The pages are displaying perfectly but nothing is cached.

    Is there something else that need's to be configured to get the caching working?

  • HTTP to HTTPS Redirect not Working Externally Throught WAN

    1
    0 Votes
    1 Posts
    752 Views
    No one has replied
  • Bandwidthd 2.0.1_5 pkg v.0.5 can't start

    2
    0 Votes
    2 Posts
    918 Views
    N

    I'm posting as I came across the same issue, and figured out the solution.

    The system log tells you the start/stop script /usr/local/etc/rc.d/bandwidthd.sh
    Login to the shell, can find out which config file is being used, in my case /usr/pbi/bandwidthd-amd64/bandwidthd/etc/bandwidthd.conf

    then read the file with line numbers : less -N /usr/pbi/bandwidthd-amd64/bandwidthd/etc/bandwidthd.conf

    I had : filter ip

    which should be: filter "ip" <<< double quotes

    Change using web interface, and it will work.

    I hope this helps someone

    regards
    CJ

  • Squidguard filtering stop working

    2
    0 Votes
    2 Posts
    2k Views
    M

    I have the same issue as you.
    No solution yet.

  • Getting email spam, Warning: filemtime():

    6
    0 Votes
    6 Posts
    1k Views
    V

    Thank you gentleman! Seems to have fixed my email spamming issue!

  • Havp and Squid

    3
    0 Votes
    3 Posts
    1k Views
    K

    Hello,

    I currently have "parent for squid proxy"

    thanks for suggestions, i set the same ;)

    I haven't found a good updated install & config guide for HAVP yet but still looking…..

    Well, for me I install it but at 1st all status of HAVP are in red and after a while (itself update…) all started and become green.. :D

  • GEO IP support in bind package

    1
    0 Votes
    1 Posts
    560 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.