Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC

    @bmeeks So after upgrading to the newest PfSense 2.8.0 everything is now working like a charm!

    Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

    I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

    I assume this is because the FreeBSD version is also updated with the new PfSense 2.8.0 version?

    Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version ?
    The instructions are shown here :

    1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

    A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
    link text

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

  • Snort Suppression

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    W

    yes me too!
    Is it possible to just display priority 1 rules?

    Thanks,

    Woger

  • The module Postfix Forwarde 2.8.5,1 pkg v.2.1 is not accurate

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    marcellocM

    follow this post

    http://forum.pfsense.org/index.php/topic,40622.msg220204.html#msg220204

  • Pfsense 2.0 release squid transparant proxy does not work

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    B

    I restarted from scratch, using 2.0 release. That resulted in the mentioned problem.

  • Squid + squidguard + vnstat + ntop

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    S

    Thank you for the reply jimp.

  • Squid-reverse config

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    L

    I am also interested in sample setups. I hope someone who has got this working can explain the settings in his setup. I was surprised by this package for it's rich web gui so i guess full configuration can be done in the gui.

    regards,

    Leon.

  • Country block doesnt work for me anymore since 2.0 release

    Locked
    17
    0 Votes
    17 Posts
    4k Views
    T

    It will block all traffic.
    pfblocker 1.4 is only BETA but is fully functional and is available now.

  • Proxy not working if WAN is down

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    D

    Search for Squid and Floating rules.

  • SquidGuard: how to add manually an extra destination group

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    warpW

    Hi doccocaubai,

    no, I gave it up at the moment …

    Warp

  • Centralised and documented colors for RRD

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    J

    Cool! Thanks for the contribution.  ;D

  • HAVP + Squid = no pfSense forum

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    marcellocM

    how to troubleshoot dns resolving issue . i am using the 2.0 stable release box

    nslookup forum.pfsense.org on console

  • Vnstat2

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    johnpozJ

    that seems to have cleared it up..

    ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/vnstat-1.10_2.tbz

    sucks my database got loss in all the mess - but that seems to be working, will check on it to see if actually logging traffic, etc.

    THANKS!!!

  • Snort and squid issues

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    N

    @kirlox_kitoy:

    Is there an issue regarding the running of squid+squidguard and snort simultaneously? In 1.2.3 Snort doesnt seem to work Can somebody attestify that he or she has a working snort and squid box

    I also had issues earlier with snort updating and the whole functionality of snort installed with squidguard.
    This was my post http://forum.pfsense.org/index.php/topic,42376.msg219341.html#msg219341

  • ERROR The requested URL could not be retrieved

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    A

    No I do not

  • NUT - Serial to USB

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Pfsense 2.0 snort preprocessors

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    A

    Ok, the way is to change /usr/local/pkg/snort/snort.inc file.

    But now I'm looking toward suppress rules.

  • Lightsquid access isn't protected!

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    A

    This actually works in my favor. I want to give certain managers access to the lightsquid logs, but I don't want them to be able to get into the firewall configuration and doink with it, and there doesn't seem to be access groups for squid or lightsquid, so I can't just set them up with a username and limit their access to only lightsquid. So instead they have no username at all, and they can get to lightsquid, but not to anything else. So it's an unintended benefit from my perspective.

  • Transparent Squid-squidquard and https

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    A

    Thanks for you help its working again now,

    Is there anything I can help you with ?
    AS.

  • Blocked sites redirect to IP

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    A

    I am using SquidGuard and blocking certain extension downloads as described in http://doc.pfsense.org/index.php/SquidGuard_package.

    The extensions are blocked an the appropriate message returned but the URL looks as follows:

    https://192.168.10.1/sgerror.php?url=403%20&a=192.168.10.20&n=&i=&s=default&t=myBlockExt&u=http://media.music.net/18/SID18402.mp3

    Instead of the IP I would like my server's FQDN to appear.

  • Snort Rule Update Problem

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    L

    I was browsing through the pfSense bug tracker & see someone has actually already reported this. I commented on the bug stating I was having the same problem. Guess all we can do is wait for it to be fixed. However at this time I can't even get Snort operational so the point is moot.

  • SquidGuard 1.4

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    N

    http://diskatel.narod.ru/sgquick.htm

    There is no really greate difference (just other labels) than in older versions.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.