Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version ?
    The instructions are shown here :

    1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

    A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
    link text

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

  • Packages unavailable when using IPv6

    2
    0 Votes
    2 Posts
    2k Views
    ?

    Performed a new test with Prefer IPv4 disabled and enabled and captured DNS queries

    Prefer_IP_Disabled_Enabled_DNS_queries.txt

  • Can't access LAN from wireguard tunnel.

    2
    0 Votes
    2 Posts
    1k Views
    4

    @4rt
    PLEASE DETELE
    I figured it out. Thanks anyway.

  • Zabbix6 agent & proxy

    2
    0 Votes
    2 Posts
    2k Views
    M

    Looks like this was added! Thanks!

  • Package updates don't restart services

    5
    0 Votes
    5 Posts
    2k Views
    P

    Thanks all for the explanation!

  • 1 Votes
    20 Posts
    4k Views
  • System Patches update on 2.5.2

    5
    0 Votes
    5 Posts
    2k Views
    jimpJ

    There is an update for System Patches on Plus 21.05/CE 2.5.2, even if your update branch is set to stay on Plus 21.05/CE 2.5.2.

    We put an update there to add the recommended patches list populated with important security and stability fixes for people who couldn't upgrade to 2.6.0 right away.

  • DynDNS updates deprecated ipv6 addresses, resulting in service disruption

    3
    0 Votes
    3 Posts
    2k Views
    S

    @bob-dig yes. I consider it normal after a forced disconnect, being offline for a couple minutes until the new prefix has propagated downstream and every system chose it's new address. This is a design issue in ipv6 as a whole, amplified by fraudulent ISP's. Downtime due to this is definitely longer than we remember from ipv4/nat.
    But that's not at all part of my topic. This topic is all about the dyndns script not working for ipv6.

  • is it conceivable to arrange numerous standards in SQuidGuard?

    1
    0 Votes
    1 Posts
    793 Views
    No one has replied
  • No packages available on multiple CE 2.6 devices

    13
    1 Votes
    13 Posts
    3k Views
    GertjanG

    Instead of manipulating IPv6 settings and impacting all local networks, what about informing the 'package update' scripts from pfSense to prefer IPv4 ?

    Have a look at /usr/local/libexec/pfSense-upgrade - line 24
    That's just what we need.

    To implement :
    Goto line 1415 and change

    unset force_ipv4

    to

    force_ipv4=1

    So, instead of "let the system decide if IPv4 or IPv6 is used" the calls to the pkg commands are now instructed to use IPv4.

    Later on, undo the change or just forget about it as an update will take care of undoing it anyway.

    Btw : I had a console open, implement the change and used option 13 : Update from console.
    It took seconds to sync up and finish.

  • Dear PF users, what happened to SquidGuard blacklists web pages?

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ

    There are not many people still maintaining lists for squidGuard. It's not so useful these days compared to other methods such as DNS based blacklists. Browsers are making it more and more difficult to safely and securely use a proxy for these kinds of tasks.

    The list at http://www.squidguard.org/blacklists.html used to have all of them, though I don't know how viable any of them are. It still lists Shalla even though that's gone, so the others may be questionable as well.

  • no menu updates after un-/installs of modules

    Moved
    1
    0 Votes
    1 Posts
    752 Views
    No one has replied
  • WireGuard can connect but has error in and out at Interface Statistics.

    1
    0 Votes
    1 Posts
    705 Views
    No one has replied
  • 0 Votes
    1 Posts
    1k Views
    No one has replied
  • FreeRadius, filter user with groups

    2
    0 Votes
    2 Posts
    3k Views
    E

    Some improuvment...
    It works but I am not satified!

    I put in the user filter (and desactivate the Group Membership part) :

    (&(uid=%{User-Name})(memberOf=cn=wifi,ou=group,dc=mydomain,dc=net))

    => It work fine... only user in "wifi" group can be connected
    => I have to add the "menberOf" module in ladap

    I have know the following ldap/freeradius conf :

    ldap { server = "ldap.mydomain.net" port = "389" identity = "cn=admin,dc=mydomain,dc=net" password = 'xxxx base_dn = "dc=mydomain,dc=net" user { base_dn = "${..base_dn}" filter = "(&(uid=%{User-Name})(memberOf=cn=wifi,ou=group,dc=mydomain,dc=net))" } group { base_dn = "${..base_dn}" filter = '(objectClass=posixGroup)' } profile { filter = "(objectclass=radiusprofile)" }

    I think there is a better way... if some knows how ?

  • bind 9.16_13 - rndc delays

    1
    1 Votes
    1 Posts
    940 Views
    No one has replied
  • NMap scan GUI timeout fix

    1
    0 Votes
    1 Posts
    667 Views
    No one has replied
  • Cron-Package sort by time

    1
    0 Votes
    1 Posts
    610 Views
    No one has replied
  • squid / squidguard reliability

    6
    0 Votes
    6 Posts
    1k Views
    M

    @michmoor
    Thank you a lot for this clear answer, I will follow your advice for next questions.

  • FreeRadius - Mac addresses treated as Users

    3
    0 Votes
    3 Posts
    2k Views
    M

    Thats perfect... Will give it a try tonight. Thanks @NogBadTheBad

  • [Sovled]ntopng unable to start

    2
    0 Votes
    2 Posts
    1k Views
    S

    @scorpoin Solved . I removed the check

    ```Keep Data/Settings

    then uninstall the package and reinstalled it ,every thing works fine . But I lost all previous gathered data :( .

    Regards

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.