Subcategories

• Cache/Proxy

  Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.
  4k Topics

  21k Posts

  J

  @ha11oga11o and again - not an issue if you don't try and use the same domain internally as you do externally. Haproxy doesn't care from what direction you are coming from, wan or lan makes no difference. It remember which connection is allowed, at which cert if you always hit haproxy via the pfsense wan IP - it would always be the same cert.. Not from outside public cert, and internally selfsigned cert. you list a rfc1918 address on pfsense wan, or are you trying to hit your lan address 192.168.1.1 ? If you hit that and your on the 192.168.1 network you going to run into an asymmetrical problem where sure haproxy will send to your .214 address but when your service answers to a 192.168.1.x address to the client that would be coming from a different host than who it talked to.. Your fqdn you want to use should hit the wan IP of pfsense.
• IDS/IPS

  Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.
  2k Topics

  16k Posts

  R

  @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.
• Traffic Monitoring

  Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.
  573 Topics

  3k Posts

  D

  @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
• pfBlockerNG

  Discussions about the pfBlockerNG package
  3k Topics

  20k Posts

  G

  @carlinix said in DNSBL blockpage only works with root domain: Meaning http://detectportal.firefox.com/ redirects to the DNSBL blockpage with the blocked domain info "This website detectportal.firefox.com has been blocked by the Network Administrator!" I presume that "detectportal.firefox.com" is just an example here. But ... be aware that this URL shouldn't be blocked if possible for two reasons : The resource requested returns just a 8 byte 'page' : it says 'success'. This URL is most probably be used by the OS or app on a device (probably Firefox ) to detect the presence of a captive portals on the connected network.
• UPS Tools

  Discussions about Network UPS Tools and APCUPSD packages for pfSense
  102 Topics

  3k Posts

  D

  @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.
• ACME

  Discussions about the ACME / Let’s Encrypt package for pfSense
  503 Topics

  3k Posts

  M

  I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?
• FRR

  Discussions about the FRR Dynamic Routing package on pfSense
  296 Topics

  1k Posts

  C

  This one has been tricky still not sure what to try. Any ideas?
• Tailscale

  Discussions about the Tailscale package
  93 Topics

  641 Posts

  L

  For some odd reason, even though the service seems UP, and routes (apparently from tailscale) looks fine, the service itself is not working. E.g. I cannot connect to other hosts on my tailscale network. From pfsense itself it works, but not from my e.g. my LAN. As soon as I restart the tailscale service in the UI it works immediately after.
• WireGuard

  Discussions about WireGuard
  714 Topics

  4k Posts

  R

  I was on PfSense version 23.xx (don't recall the xx) and was able to start the Wireguard service. I upgraded to the 25.11 beta version and now the Wireguard service will not even start. I am on Wireguard version 2.1, and I see that there are versions that go up to 2.9. How do I upgrade to a later version? The only version in the pfSense updater is 2.1. Thank you