1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC

    @bmeeks So after upgrading to the newest PfSense 2.8.0 everything is now working like a charm!

    Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

    I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

    I assume this is because the FreeBSD version is also updated with the new PfSense 2.8.0 version?

    Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version ?
    The instructions are shown here :

    1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

    A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
    link text

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

Log in to post
Load new posts
  • L

    Zabbix: Check access restrictions in agent

    2
    0 Votes
    2 Posts
    354 Views
    No one has replied
  • D

    Reboot after installing new packages?

    4
    0 Votes
    4 Posts
    651 Views
    H

    @davidstoll somewhere in the status or diagnostic menu.... Can't remember, been years since I've last installed it

  • K

    Downtime For Installing Packages?

    5
    0 Votes
    5 Posts
    1k Views
    I

    @kbohlken

    If you install new packages on a production firewall it should not cause downtime. However, if you are updating packages on a production firewall, those services related to the packages will be unavailable for a short period. If you have SquidGuard working for example, and decide to update the package, the squid service will be restarted and squid will stop blocking pages for a short period, usually less than a few minutes.

    I always have 2 firewalls in HA Sync, and when I do updates I will swap production firewalls and only work on the standby firewall. I also make it a habit to reboot the firewall after installing or updating a package as I've had issues updating squid/squidguard in the past.

  • A

    Receiving duplicates packets for the radius request in Pfsense

    1
    0 Votes
    1 Posts
    491 Views
    No one has replied
  • J

    Installing WireGuard VPN

    Locked
    49
    1 Votes
    49 Posts
    99k Views
    J

    This is now finished. At lease phase one is finished.

    https://www.netgate.com/blog/wireguard-for-pfsense-software.html

  • A

    Does syslog-ng default install conflict?

    2
    0 Votes
    2 Posts
    446 Views
    kiokomanK

    @ar15usr
    short answer : no
    they are indipendent

  • T

    about pfsense ipsec machine access

    1
    0 Votes
    1 Posts
    300 Views
    No one has replied
  • X

    Just a quick question about BIND

    8
    0 Votes
    8 Posts
    982 Views
    X

    @gertjan Hello

    I build my infrastructure It is not large in hardware perspective, but I've started to to integration of many apps that will have to have to be on a separate domains. Until now the internal resolver did the job, but now ... I need actual dns server.

    This is strange everywhere I open a discussion about BIND and DNS all I am getting is go somewhere else!!!!!! Never had a straight answer like this functions is for that that function is for that or if you want to do this just do this and this !!!! Never mind.

    Typically, you should isolate such a program, set up a test bed network and 'play' with.

    That's what I am doing right now I have a downstream network behind an other pfSense Firewall and that's where I am testing it. I also have a Ubuntu server behind this firewall with Virtualmin and BIND9 package installed with few test websites, but what I am trying to understand is some terminology and functions of BIND.

    So...

    I set in the Settings to listen on: all vlans, but there is an option on the bottom
    "Forwarder Configuration" should I set this "Forwarder IPs" to my upstream resolver or, if this option is not enabled it will simply look what DNS Servers set on System/General Settings ????

    and....

    In "Views" I have created and called "localview" where

    Recursion - Yes
    match-clients - Any
    but...
    allow-recursion - currently set to ANY, but this will be used for local zones isn't more secure to be set to "localnets" then "any" no matter if that is my downstream or upstream pfsense

    Thank you

  • K

    PIMD crashes whole pfSense when subscribe to neighbour's multicast traffic

    1
    1 Votes
    1 Posts
    354 Views
    No one has replied
  • B

    problem configuring HAproxy with subdomains

    19
    0 Votes
    19 Posts
    2k Views
    B

    You're right, I delete certbot and install a selfsignated certificate. That works correctly. The problem come from LE. As the server is empty, I will reinstall it.
    Thank you for your help
    Benoit

  • K

    xinetd doesn't read "included directory"

    4
    0 Votes
    4 Posts
    933 Views
    K

    @karls0 Just to remember it:
    After reloading filters, I get following in Status | System logs | General:
    Unable to read included directory: /opt/etc/xinetd.d [file=/var/etc/xinetd.conf] [line=1]

    When I tried "less" and typed in the whole path (without the Tab-key) I got the message "/opt/etc/xinetd.d/check_mk: No such file or directory" So there must be an invisible character in the path. Therefore I deleted the directory /opt/etc/xinetd.d and created it new. I copied the file "check_mk" back into it and now xinetd runs :-))

    Sorry, I cannot mark my post as resolved - if anyone can, please do it.

  • M

    How to configure Haproxy with multiple certificates

    Moved
    2
    0 Votes
    2 Posts
    2k Views
    M

    No answer, quite disappointed.
    I had time to lean on it lately and managed to do what I wanted.

    Here's some catch if it helps anyone.

    Create your certificate (I use the OVH API but it works with the other method):
    createCertificate.PNG

    You can create as many certificates as necessary (Pay attention to the limit imposed by the ACME packge, see link below)
    Rate Limits
    createCertificate2.PNG

    In Haproxy, go to the frontend which manages the domain name linked to the certificates created previously (the one ending with "site" for me, it depends on your configuration).
    frontend.PNG

    In the "certificate" section, choose one of the certificates to create (any you need).
    Check the 2 boxes "Add ACL for certificate ...."
    frontend1.PNG

    In the "additional certificates" section, add all the certificates you need.
    frontend2.PNG

    Check the 2 ACL boxes again
    frontend3.PNG

    Save and apply the configuration.
    Domains are now in HTTPS.

  • A

    openvpn-client-export installation problem

    1
    0 Votes
    1 Posts
    334 Views
    No one has replied
  • AutourdupcA

    DNS Resover stops running - Could not deliver signal HUP

    9
    0 Votes
    9 Posts
    1k Views
    AutourdupcA

    @gertjan
    I did the settings... All is fine.
    pfsense still running.

    Concerning BandwithD, it works also fine on my APU...
    pfsense usage is for personal use, with less than 20 devices on my Network.

    As you can see, CPU usage is low... (9%..30% depending on what I do).
    Only temp. is a little bit elevated due to the fact there is no cooling system.

    I also implemented zfs for better performances and reliability.

    82c53026-e1ea-4f4a-959a-bcaee1428221-image.png

  • M

    Freeradius totp fallback?

    1
    0 Votes
    1 Posts
    303 Views
    No one has replied
  • C

    lldpd 18110 unable to get system name

    1
    0 Votes
    1 Posts
    477 Views
    No one has replied
  • M

    Telegraf: no connection from pfSense via FRR (can I choose the interface?)

    7
    0 Votes
    7 Posts
    1k Views
    M

    I have solved my problem, for reference and for anyone who runs into the same problem:

    On the pfSense gateway 172.xx.xx.1 (the one in front of the InfluxDB server, which was working), add the following to the Telegraf configuration:

    [[inputs.influxdb_listener]] service_address = ":8086"

    This can be done at the bottom of the Telegraf configuration page. This activates Telegraf as a forwarder.

    On each other pfSense machine, I find the VTI interface IP, ie 10.88.88.xx and set the influxDB server as http://10.88.88.xx:8086.
    Now, the data is sent via Telegraf to the InfluxDB server, and arrives as it should.

    There would probably be other solutions with proxies, but this seems simplest.

  • O

    Wireguard has been merged into freebsd 13

    1
    0 Votes
    1 Posts
    319 Views
    No one has replied
  • A

    Error upgrading/reinstalling OpenVPN client export

    2
    0 Votes
    2 Posts
    404 Views
    A

    Solved- when in doubt, reboot.

  • I

    Oauth with Azure

    1
    0 Votes
    1 Posts
    348 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.