Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pfBlockerNG aliases in HAProxy?


    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC

    @bmeeks So after upgrading to the newest pfSense 2.8.0 everything is now working like a charm!

    Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

    I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

    I assume this is because the FreeBSD version is also updated with the new pfSense 2.8.0 version?

    Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do a backup, or also with a cron job.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version?
    The instructions are shown here:

    A restart of a service will start by re-creating its config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works (mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can re-test / renew right away, as you are 'allowed' to renew a couple (5 max?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and vice versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round, i.e. from Client 2 to pfSenseA.

    I will try and do some packet capture to see if that reveals anything.

  • Dansguardian banned url regex

    2
    0 Votes
    2 Posts
    898 Views
    jimpJ

    And now you know why keyword blocking is and always will be ineffective. :-)

  • OpenVPN Client Export Utility - different config on 1.1.3

    5
    0 Votes
    5 Posts
    2k Views
    jimpJ

    There is a choice in the latest version to use tls-remote if you need to.

    If you have issues with verify-x509-name then you are not running an OpenVPN 2.3-based version. Make sure you uninstall OpenVPN and reinstall it again with the most current version. An in-place run of the client would likely skip over the actual install if it already detected OpenVPN present on the system.

  • TFTP doesn't seem to work out-of-the-box on 2.1

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ

    It works fine for me here. I installed the package, selected LAN, clicked save, then uploaded a file using the GUI and I was able to fetch that over TFTP from another system on the network.

  • Openvpn export - verify-x509-name option

    4
    0 Votes
    4 Posts
    4k Views
    N

    All OK now :)
    Thanks!

  • PfSense 2.1 & Squid

    5
    0 Votes
    5 Posts
    2k Views
    G

    Hi netwiz,

    iplayer is being blocked in the 'movies' group

    This site has been classed as non work related. If this is an error, please contact IT.: 403 Forbidden

    Reason:
    Client address: xxx.xxx.xxx.xxx
    Client group: default
    Target group: blk_BL_movies
    URL: http://www.bbc.co.uk/iplayer/

    If you didn't want to block all movie sites, you could always make a target category of blacklist sites and then enforce your own :)

    I get my blacklists from http://www.shallalist.de/

    Cheers,

    grievsa93

  • Squid Stopping Download Progress

    1
    0 Votes
    1 Posts
    748 Views
    No one has replied
  • Can't start varnish, missing cc dependency or something

    16
    0 Votes
    16 Posts
    7k Views
    marcellocM

    Thanks for the feedback,

    I've pushed a fix for the package and it seems that the only missing thing was a ln -s from gcc to cc.

  • How large should my Squid 3 cache be?

    5
    0 Votes
    5 Posts
    2k Views
    B

    I see, thank you. :)

  • Dansguardian unusable

    25
    0 Votes
    25 Posts
    6k Views
    T

    great, thanks for the tip, I will check that out sometime soon…

  • Dansguardian clamav and other issues fix

    19
    0 Votes
    19 Posts
    4k Views
    ?

    Very bad practice!

  • Mailscanner configuration

    1
    0 Votes
    1 Posts
    796 Views
    No one has replied
  • SARG and Dansguardian problem

    9
    0 Votes
    9 Posts
    3k Views
    T

    I could try to use the console, what commands would I need to run?

    Funny thing is if I go to the schedule and do a "force update now", no errors are produced in the log.

  • Understanding squid proxy server

    1
    0 Votes
    1 Posts
    988 Views
    No one has replied
  • PfBlocker Fails to start

    3
    0 Votes
    3 Posts
    1k Views
    D

    Hi All,

    Problem resolved.

    Dan.

  • Log Squid in Syslog

    3
    0 Votes
    3 Posts
    5k Views
    C

    Ok, I managed to get things working. Doing log analysis is soooo great using Splunk! I uninstalled all my packages. I then installed Dansguardian first, then squid3. I think the first time I had selected the "squid" package vs the "squid3" package. I then added the following in the Custom Options section of the proxy server settings page:

    access_log syslog:local5.info squid

    Hope this helps if anyone else has this issue!

  • Google TV with Squid

    1
    0 Votes
    1 Posts
    877 Views
    No one has replied
  • Dansguardian drives me mad… :/

    3
    0 Votes
    3 Posts
    1k Views
    R

    Thanks for your answer. It's good to have an explanation and to see that it is not a faulty configuration but meant that way, and yes, I would surely appreciate any kind of example configuration. It might give me some hints about a proper setup.

    If I could wish something for a new version of ds (and NO I don't claim!) it would be a bit more in-place help. First time I entered the GUI I really didn't know where to start and how the whole system works. Took me a lot of trial and error.

    BTW I got the /tmp access error directly after a new installation.

  • Squid dropping connection.

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    21 Posts
    10k Views
    marcellocM

    @brasilnut:

    Okay - Let me rephrase my question:

    Where is this value?

    It's on the first post of this thread System -> Advanced -> Firewall Maximum Table Entries

    @pppfsense:

    I already tried some very high values for the Firewall Maximum Table Entries  with no success (System - Advanced - Firewall Maximum Table Entries = 999999999)

  • Widentd without a syslog message every single time

    1
    0 Votes
    1 Posts
    916 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.