Subcategories

• Cache/Proxy

  Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.
  4k Topics

  21k Posts

  N

  Can I use pgblockerng aliases in Haproxy?

  80758505-9bad-4dad-a80b-c159be1045a2-image.png

  If it was a firewall rule, typing pfb would produce a dropdown to select.

  Here it has to be written, but will it work? Is it supported?

• IDS/IPS

  Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.
  2k Topics

  16k Posts

  C

  @bmeeks So after upgrading to the newest PfSense 2.8.0 everything is now working like a charm!

  Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

  I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

  I assume this is because the FreeBSD version is also updated with the new PfSense 2.8.0 version?

  Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.

• Traffic Monitoring

  Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.
  571 Topics

  3k Posts

  K

  @pulsartiger
  The database name is vnstat.db and its location is under /var/db/vnstat.
  With "Backup Files/Dir" we are able to do backup or also with a cron.

• pfBlockerNG

  Discussions about the pfBlockerNG package
  3k Topics

  20k Posts

  G

  @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

  Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

  You've found a reason to use a VPN.

• UPS Tools

  Discussions about Network UPS Tools and APCUPSD packages for pfSense
  99 Topics

  2k Posts

  K

  @elvisimprsntr thanks for your suggestion. I will give it a try.

• ACME

  Discussions about the ACME / Let’s Encrypt package for pfSense
  493 Topics

  3k Posts

  G

  @EChondo

  What's your pfSense version ?
  The instructions are shown here :

  1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

  A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

  @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

  I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

  No need to wait x days.
  You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

• FRR

  Discussions about the FRR Dynamic Routing package on pfSense
  294 Topics

  1k Posts

  R

  I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

  When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

• Tailscale

  Discussions about the Tailscale package
  89 Topics

  574 Posts

  A

  Hello,
  I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
  link text

  This state persists even after performing the following troubleshooting steps:

  Rebooting the pfSense router.

  Completely uninstalling and reinstalling the Tailscale package multiple times.

  Clearing browser cache and using a private browser window.

  Toggling the main "Enable Tailscale" checkbox in the settings.

  Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

  Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

  It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

• WireGuard

  Discussions about WireGuard
  689 Topics

  4k Posts

  P

  @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

  I will try and do some packet capture to see if that reveals anything.