Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts

    Can I use pfBlockerNG aliases in HAProxy?

    [image]

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeks

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do a backup, or also with cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    Gertjan

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received an email from MaxMind, notifying me that my country has been banned from receiving GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    Gertjan

    @EChondo

    What's your pfSense version?
    The instructions are shown here:

    [image]

    A restart of a service will start by re-creating its config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works (mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can retest / renew right away, as you are 'allowed' to renew a couple (5 max?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and vice versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round, i.e. from Client 2 to pfSenseA.

    I will try and do some packet capture to see if that reveals anything.

  • Postfix disabled on pfsense upgrade…why?

    2
    0 Votes
    2 Posts
    739 Views
    marcelloc

    The service is disabled during uninstall/reinstall.

  • NRPE dont_blame_nrpe=1

    1
    0 Votes
    1 Posts
    716 Views
    No one has replied
  • Captive portal auth page

    2
    0 Votes
    2 Posts
    597 Views

    File manager.  Great.

  • Captive portal vouchers

    1
    0 Votes
    1 Posts
    682 Views
    No one has replied
  • LightSquid Problem

    2
    0 Votes
    2 Posts
    686 Views

    Yesss, for future reference, it was a simple mistake by me, just select lightsquid > setting > Report Scheme (something other than Text) :D


  • Nmap-6.40_2 pkg v1.2 - Failing to Install

    6
    0 Votes
    6 Posts
    2k Views

    No worries, upgrading to 2.1.3 has fixed the issue. Must have been something that got changed in the package or the package system.

    Thanks!

    Edit: Not sure if it matters, but the error message said something pertaining to a missing nmap.inc, install failed, then the install would gracefully back out and perform the nmap uninstall, removing all nmap components. If I can get the exact error message from an un-updated install I will before I update it.

  • Suricata package blocking mode coming soon

    16
    0 Votes
    16 Posts
    4k Views
    bmeeks

    @BBcan17:

    Great stuff… This will make testing that much easier!!

    EDIT:

    On another note, also having the functionality to create a fresh NEW interface would also be beneficial instead of trying to re-enable all of the previously disabled rules.

    That functionality is there today with the current (+) icon.  I'm not changing that one.  I will be adding new (+) icons beside each configured interface.  Clicking the (+) beside an already configured interface will perform the DUP function.  The layout will be pretty much just like the firewall rules page.  So the (+) icon at the top right of the tab will create a new fresh interface (just like it does today).  The (+) icon beside an existing configured interface will DUP it.

    In terms of the rules, on the RULES tab today is an icon that will remove all forced enable/disable changes for all rules on the interface.  This essentially resets the rules to their default state.  There is a similar icon that will do this for only the currently selected category.

    Bill

  • Suricata - MM/DD/YYYY Log Entry Formatting

    4
    0 Votes
    4 Posts
    1k Views
    bmeeks

    @priller:

    Not "alerts.log" …... "suricata.log".  It uses a different date format from all the other logs.

    suricata.log

    3/5/2014 -- 14:37:21

    To match the other logs that should be 5/3/2014, or more specifically 05/03/2014.  Today being 5/5, it's a bad day to compare the different formats!  ;D

    alerts.log

    05/01/2014-02:38:47.669925

    http.log

    05/03/2014-17:40:37.873931

    tls.log

    05/02/2014-07:39:35.069581

    Oh…sorry, I understand now.  I will look again in the config docs, but I don't think there is any way to change that outside of editing the actual binary source code.  I can see how much of an issue that would be and perhaps sneak it into the next release when I upgrade to 2.0.

    Bill

  • Lots of snort alerts after pfsense update to 2.1.2

    13
    0 Votes
    13 Posts
    5k Views
    BBcan177

    Then I am baffled as to why one firewall has the issue while another (supposedly configured the same way) does not.  There would be only two logical explanations:  (1) either they are, in fact, not actually configured the same although they are supposed to be, or (2) you said one was VMware-based, and it is conceivable that VMware's virtual networking could play into the mix with that HTTP_INSPECT alert.

    Maybe setting up a standalone pfSense install to see if VMware is the culprit is the best solution to rule out the virtual machine idiosyncrasies, or a VM machine for the Main Site.

  • Captive Portal issues

    2
    0 Votes
    2 Posts
    589 Views

    A simple reboot of the laptop resolved it.  Why would this be the case?

  • Asterisk-1.8.26.1 package on pfSense 2.1.2

    3
    0 Votes
    3 Posts
    1k Views

    Tx.
    I noticed another issue this WE.

    I took a fresh Asterisk backup and did some config tests.
    After that I wanted to go back to my backup (as I usually do after testing)…:

    It restored the backup and initiated a reboot. After reboot... it re-installed the Asterisk package again!!!! Then I had to restore (again) and it works...

    Strange behaviour, no?

  • HAPROXY Connection limit

    2
    0 Votes
    2 Posts
    3k Views

    Seems you have found the wrong forum? pfSense, which is based on FreeBSD, has nothing to do with CentOS?
    You should probably try the haproxy mailing-list for this question, maybe one of the core developers present on that list can help you further: haproxy@formilux.org

  • Suricata 1.4.6 pkg v1.0.1 no alerts, no blocking

    3
    0 Votes
    3 Posts
    1k Views
    bmeeks

    @simby:

    Hi!

    I have installed Suricata 1.4.6 pkg v1.0.1 with snort. Snort is disabled, suricata is On with AC + blocking.

    In the log I don't see any alerts, no blocking.

    I have tested with grc.com  :((

    I have pfSense 2.1.3 x64

    Not a good idea at all to run these two packages together on the same firewall.  I would remove the Snort package if you want to use Suricata.  Also, did you select some rules for Suricata to enforce?  You did not mention that in your post.  Oh, and one other point– Suricata really works best only with the Emerging Threats rules.  There are many of the Snort rules that have Snort-specific keywords in them, and these rules will fail to compile on Suricata.  Suricata will start, but it will not use any rules that fail to compile.  This is different from Snort.  If Snort chokes on any rule during compilation, it will not start up.  Go to the Logs Browser tab and examine the suricata.log file for the interface and look for any errors.

    Bill

  • 0 Votes
    1 Posts
    748 Views
    No one has replied
  • Snort is not blocking

    6
    0 Votes
    6 Posts
    1k Views
    bmeeks

    @tomtomtom6600:

    Hi bmeeks,

    thanks for explaining my second problem. This is clear now.
    Back to my first problem. I will do what you have mentioned, but is it possible that my problem has something to do with squid running in transparent mode? Is it possible that those downloads are cached?

    thanks

    Ah!  Yes, caching is a possibility.  If you mentioned it before, I missed you saying anything about squid running.

    Bill

  • 0 Votes
    3 Posts
    973 Views

    Hrmm yeah, only unbound-1.4.21_1.tbz is available. 1.4.22 for 2.0.X was not built automatically for some reason.
    You are on 2.1.3 now so I am not going to worry too much :)

  • Captive Portal voucher page not opening

    3
    0 Votes
    3 Posts
    733 Views
    Derelict

    Can you manually connect to http://interfaceaddress:8000/  ??

  • Captive portal on pfSense

    2
    0 Votes
    2 Posts
    807 Views

    It seems many times I post here, a bit of knowledge is forced back to me through the web, my keyboard and into my head.  It seems I figure it out immediately after posting (whether or not I get good advice).

    In this case it was the interface assignment which was set to the physical interface, not the VLAN on that interface.

    Miles Deep out

  • Snort 2.9.6.0 pkg v3.0.8 Update – Release Notes

    1
    0 Votes
    1 Posts
    695 Views
    No one has replied
  • [Solved] Corrupt config? Failed packages upgrade etc.

    11
    0 Votes
    11 Posts
    3k Views
    BBcan177

    @bmeeks:

    While not a bad idea, if the IP address changed, then it would become a false "fix" and folks would assume it was working when it in fact might not be.

    If pfSense could fix the code to allow domain names it would be really beneficial.

    Couldn't an alias be set up as packages.pfsense.org and at each interface restart, it would perform a

    dig packages.pfsense.org +short as the IP address?

    I assume that the repo is coded in the update page and could be extracted.

    Just a thought.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.