Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version ?
    The instructions are shown here :

    1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

    A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
    link text

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

  • Snort 2.6.8.1 HTTP Preprocessor issues

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    M

    It was fine before until it started happening on all deployed devices. Thats what i dont understand. Even from the pkg_mgr, i didnt notice any change in the version. And if 1.2.3 is not under going any further development because 2.0 is under full production, then why the version change issue in the first place? Please help me understand.

  • Recommendations on Categories/pfblocker

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    marcellocM

    Thanks Metu69salemi, I did a screenshot today before start posting.  :D

  • Question about snort Categories and Rules

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    T

    I see this as well in some categories. I was wondering the same thing.

  • Squidguard with blacklist problems.

    Locked
    11
    0 Votes
    11 Posts
    3k Views
    marcellocM

    Fix info is on this thread

    http://forum.pfsense.org/index.php/topic,44525.msg231261.html#msg231261

  • Squid and LDAP

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    N

    Oh yeah this is related to an earlier post:

    http://forum.pfsense.org/index.php/topic,41501.0.html

    The complete config for the Squid Proxy Server Authentication page can be found in the post.

  • Squid can't start

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    T

    @jimp:

    Or perhaps I used the wrong variable in a config statement and that is valid. Fix pending, give it ~20minutes

    The update worked for me :)

    Thanks

  • Accessing ntop 4.0.1.1 configuration

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    R

    @thermo:

    Doesn't look like it installed properly.
    It will be there once installed correctly. Remove/Reinstall.

    Will do, post back when I'm done.

  • Snort and internal DNS issues

    Locked
    8
    0 Votes
    8 Posts
    6k Views
    T

    I get these as well and are blocked, but can reach the root DNS servers. With the following suppress:
    suppress gen_id 3, sig_id 19187

    Make sure you follow johnnybe's instructions.

  • Firewall and Squid

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM

    I think squidguard will do schedules the way you need.

  • Squidguard installation problem

    Locked
    29
    0 Votes
    29 Posts
    15k Views
    F

    @Nachtfalke:

    First I thought it could be the small amount of RAM….just 256MB...
    Or perhaps there is to less HDD space left for squidguard and the dependencies !?

    Could you first install squid then lower HDD cache in squid to 1MB, then reboot and try with installation of squidguard ?

    But that's really uncommon....I tried with a VM and 256MB RAM, too, and it worked.

    forget it . thanks man .
    i'm on slackware now . hard to config but it works like a charm

  • Snort broken after 2.0.1 update

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    C

    Thank you,  that indeed was the solution.

  • How can I view the Squid access.log in realtime from the GUI

    Locked
    17
    0 Votes
    17 Posts
    17k Views
    P

    I had sqstat "ln"ed from /usr/local/share into /usr/local/www
    Now I have deleted the link, checked that the sqstat GUI can't even find itself (thus confirming that it was really looking in /usr/local/www/sqstat), copied the whole directory /user/local/share/sqstat to /usr/local/www/sqstat and made sure that the permissions are set to 0755.
    The SqStat GUI does its thing, but the symptoms are the same as before - the GUI is displayed and the time updates (so it is trying to refresh) but the bottom box says;
    "Error (1): Cannot get data. Server answered: HTTP/1.0 404 not found"
    just like before.

  • Squid - Operation Not Permitted error

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    marcellocM

    Not sure. I do not change snort rules that often.

  • OpenBGPD package

    Locked
    1
    0 Votes
    1 Posts
    953 Views
    No one has replied
  • Packages stats

    Locked
    2
    0 Votes
    2 Posts
    988 Views
    N

    I thought of this in the past, too. ;D

  • 0 Votes
    1 Posts
    1k Views
    No one has replied
  • Perl version

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    marcellocM

    I'll do some tests and update xmls

  • [Solved] Can not view lightsquid report

    Locked
    8
    0 Votes
    8 Posts
    24k Views
    T

    marcelloc,

    I watched that video and that is basically what I did.

    The only diffrence is, that in the video:
    Log store directory: /var/squid/logs

    And I had:
    Log store directory: /var/squid/log

    After changing that, it now works!

    Thank You and for your work on pfBlocker[which I might have a question for you, in the pfBlocker thread] will also donate soon :)

  • Stunnel / anyterm workarounds 2.0-RELEASE

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Proxy 1 IP Address through US??? SQUID???

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    marcellocM

    Not sure how to do this with acls, but you can copy squid.conf file and run a second daemon on other port.

    Or install a virtual machine with squid for vlan 5.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.