Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC

    @bmeeks So after upgrading to the newest PfSense 2.8.0 everything is now working like a charm!

    Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

    I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

    I assume this is because the FreeBSD version is also updated with the new PfSense 2.8.0 version?

    Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version ?
    The instructions are shown here :

    1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

    A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
    link text

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

  • Arpwatch fails to download ethercodes.dat

    2
    0 Votes
    2 Posts
    589 Views
    E

    Here is a link to the bug report: https://redmine.pfsense.org/issues/10261

  • Service Watchdog Bug?

    2
    0 Votes
    2 Posts
    316 Views
    jimpJ

    That's the same as most any other page. Just click back or click away in the menu. Not a bug.

    There is no valid reason for anyone to add every service to the watchdog. It's illogical and highly likely to cause problems. Don't do that. Also not a bug since nobody should ever be in that situation.

  • Avahi-daemon choosing VIP instead of interface IP

    2
    0 Votes
    2 Posts
    470 Views
    C

    Based on feedback I've opened https://redmine.pfsense.org/issues/10253 to pfblockerng to move the default VIP bind to localhost instead of a user interface.

  • Syslog-ng not binding on multiple interfaces

    Moved
    1
    0 Votes
    1 Posts
    184 Views
    No one has replied
  • Unable to retrieve package info

    13
    0 Votes
    13 Posts
    1k Views
    GertjanG

    Don't know.

    And bye bye the security if it would be possible to change the URL being used for updates.

  • [solved] VPN Client Export Utility on 2.5.0-DEV

    3
    1 Votes
    3 Posts
    413 Views
    C

    Hello Hin4ik,
    thanks a lot for helping me here.
    I forgot to create a user certificate, after creating one I see also the config

    Kind Regards Robert

  • NTP PPS Jitter Question

    6
    0 Votes
    6 Posts
    2k Views
    C

    I have a Garmin 18x LVC wired and configured the same way (no LED though) and am also getting PPS jitter, see below

    Capture.PNG

  • DNS slave server ignoring updates from master

    3
    0 Votes
    3 Posts
    383 Views
    S

    Yeah, rndc doesn't work but it turns out it did eventually replicate. It just took hours and hours

  • HAProxy with thousand of additional certificates

    10
    0 Votes
    10 Posts
    1k Views
    C

    Sorry for weird word. Because of when I searching about memory_limit most of comments is to increase memory_limit configuration, and for pfsense I found to increase is in the file '/etc/inc/config.inc'. But after upgrade this file is override that the reason I said it's not a good idea ( not the right place ) to modify this file configuration.

    Thank you, If you want more information or any support from me don't hesitate to ask me.

  • Oracle Database Freeradius

    2
    0 Votes
    2 Posts
    363 Views
    kiokomanK

    it is not supported, you can ask a new feature here https://redmine.pfsense.org/
    your only option is to install freeradius on another machine or convert the database

    the configuration files are overwritten every time you change something on the GUI consequently you lose what you entered manually

  • Random Failing Websites

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Testing Multicast using PIMD

    1
    0 Votes
    1 Posts
    432 Views
    No one has replied
  • New package: pimd

    Locked
    35
    11 Votes
    35 Posts
    14k Views
    jimpJ

    This seems to have strayed very far from the original intent of the thread. If you'd like to continue to discuss the merits of multicast routing in general, rather than issues directly related to the functionality of the package, start a new thread in an appropriate (non-packages) category.

    For those who have feedback about pimd, start a fresh thread for your individual issues. Please include details about your use case as well as current package settings. Ensure you are on pimd version 0.0.2.

    Locking this.

  • 0 Votes
    1 Posts
    375 Views
    No one has replied
  • [solved] Snort Registered User rules download fails

    13
    0 Votes
    13 Posts
    5k Views
    C

    I've been battling this as well. Be sure the Oinkcode is correct and without a leading space. Rookie mistake but it happens, drove me crazy for a week. Good luck!

  • HAProxy Listen On LAN - Pass Internal Traffic Through Proxy

    2
    0 Votes
    2 Posts
    590 Views
    B

    Did you figure this out? When I do, I'll post my response here.

  • Python 3 in pfsense

    28
    0 Votes
    28 Posts
    13k Views
    jwsiJ

    @guardian great! Look forward to hearing how you get on ☺

  • 0 Votes
    6 Posts
    733 Views
    johnpozJ

    https://docs.netgate.com/pfsense/en/latest/general/can-i-sell-pfsense.html

    What can not be offered is a commercial redistribution of pfSense software, for example the guidelines do not permit someone to offer “Installation of pfSense software” as a service or to sell a device pre-loaded with pfSense software to customers without the prior express written permission of ESF pursuant to the trademark policy.

  • FreeRadius 0.15.7_8 and you are using a SQL database ?

    1
    0 Votes
    1 Posts
    165 Views
    No one has replied
  • Freeradius error during install "username too long"

    2
    0 Votes
    2 Posts
    333 Views
    jimpJ

    I'm not sure where that error might be coming from, but it would not likely be relating to a user in the pfSense user manager, but a user in the FreeRADIUS settings. You might need to take a backup, edit out the affected settings, restore that, and then try again.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.