Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    1. Home
    2. Popular
    Log in to post
    • All Time
    • Day
    • Week
    • Month
    • All Topics
    • New Topics
    • Watched Topics
    • Unreplied Topics
    • All categories
    • L

      Updated PIMD package (beta)

      Watching Ignoring Scheduled Pinned Locked Moved pfSense Packages
      1
      0 Votes
      1 Posts
      74 Views
      No one has replied
    • M

      New pfblockerNG install Database Sanity check Failed

      Watching Ignoring Scheduled Pinned Locked Moved pfBlockerNG
      39
      0 Votes
      39 Posts
      4k Views
      M

      @Laxarus This worked for me as well. Though I had to search the web how to edit the file (the easiest way).

      Therefore:

      Addition for anyone struggling to find where to edit files on your pfsense system.

      Go to Diagnostics --> Edit File --> insert the location of the file:

      /usr/local/pkg/pfblockerng/pfblockerng.sh

      Go to line number 1232 by filling it in the Go to line field.

      That line should read:

      s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})"

      replace only (leave the rest intact):

      masterfile

      to

      mastercat

      Then follow the above instructions from @Laxarus https://forum.netgate.com/post/1219635

    • D

      Load balancing not actually balanced?

      Watching Ignoring Scheduled Pinned Locked Moved Routing and Multi WAN
      3
      0 Votes
      3 Posts
      96 Views
      D

      @Nicholas97 Sticky connections are not enabled. Gateway status is fine. Weights for each LAN are set to 1 which should be fine for 2x gigabit connections and total bandwidth used of less than 1gbps. Will look at the logs but will have to figure out what I'm looking for ... will report back.

      I have read the multiwan load balancing docs pretty well and searched the forums here before posting this originally. Unless there are other pfsense forums you're referring to?

    • M

      System - Package Manager - Available Packages

      Watching Ignoring Scheduled Pinned Locked Moved Italiano
      1
      0 Votes
      1 Posts
      22 Views
      No one has replied
    • A

      Amcrest Camera Function Direct VPN vs Site to Site

      Watching Ignoring Scheduled Pinned Locked Moved WireGuard
      1
      0 Votes
      1 Posts
      39 Views
      No one has replied
    • D

      Squid: "Undefined symbol "_ZTVNSt3__117bad_function_callE" after upgrade to 2.8

      Watching Ignoring Scheduled Pinned Locked Moved Cache/Proxy
      18
      0 Votes
      18 Posts
      2k Views
      JonathanLeeJ

      @aGeekhere They just release Squid 7 and it is stable if you want to check it out

      "The Squid HTTP Proxy team is very pleased to announce the availability
      of the Squid-7.1 release!

      This release is, we believe, stable enough for general production use.
      We encourage all users of any previous major version of Squid to upgrade to it,
      as well as users of beta version 7.0.X.

      It can be downloaded from GitHub, at
      https://github.com/squid-cache/squid/releases/tag/SQUID_7_1

      Since version 6, Squid offers:

      better support for overlapping IP ranges and wildcard domains in acl countless security, portability, and documentation fixes

      Since version 6, some previously deprecated features have been removed:

      Edge Side Includes (ESI) access to the cache manager using the cache_object:// scheme - use
      http instead the squdclient tool - use curl
      http://<squid-address>/squid-internal-mgr/menu instead the cachemgr.cgi tool the purge tool - use the http PURGE method instead Ident protocol support basic_smb_lm_auth and ntlm_smb_lm_auth helpers - use Samba's
      ntlm_auth instead

      Further details can be found in the release notes and in the changelog

      Please remember to run "squid -k parse" when testing the upgrade to a new
      version of Squid. It will audit your configuration files and report
      any identifiable issues the new release will have in your installation
      before you "press go".

      If you encounter any issues with this release please file a bug report at
      https://bugs.squid-cache.org/

      --
      Francesco Chemolli

      squid-users mailing list
      squid-users@lists.squid-cache.org
      https://lists.squid-cache.org/listinfo/squid-users"

      I am having issues with this right now

      "I got as far as this with the make clean install no matter what I do I can’t get this package installed. I have tried pkg install heimdal same error after install and pkg install krb5 and pkg install krb5-devel. I don’t know what I am doing wrong it does the make clean for a while and crashes for the bootstrap version the other one I could get going

      ERROR: checking whether S5L_CTX_sess_set_get_cb() callback accepts a const ID argument" ... yes checking "whether X509_get0_signature() accepts const parameters" ... yes checking whether the TXT_DB use OPENSSL_PSTRING data member... yes checking whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_V alue should used... no checking whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used ... yes configure: OpenSSL library support: yes -lcrypto -lss1 configure "Library -Kit-kros" support: no (auto) /configure: LIBHEIMDAL_KRB5_PATH+=-L/usr/lib: not found /configure: LIBHEIMDAL_KRB5_CFLAGS+=-1/usr/include: not found checking for LIBHEIMDAL_KRB5... no configure: error: Required library 'heimdal-krb5' not found ニニニン Script "configure" failed unexpectedly. Please report the problem to timp87@gmail.com maintainerl and attach the '/usr/ports/uuu/squid/uork/squid-7.1/config.log" including the output of the failure of your make command. Also, it might be a good idea to provide an overview of all packages installed on your system te.g. a /usr/local/sbin/pkg-static into -g -tal. *** Error code 1 Stop. makel1]: stopped in /usr/ports/www/squid *** Error code 1 Stop. make: stopped in /usr/ports/www/squid root@free:/usr/ports/www/squid #"

      it gets so far along and fails with this error.

    • M

      pfSense-pkg-WireGuard removal failed!

      Watching Ignoring Scheduled Pinned Locked Moved pfSense Packages
      1
      0 Votes
      1 Posts
      38 Views
      No one has replied
    • B

      Intel I350-T4 Errors

      Watching Ignoring Scheduled Pinned Locked Moved Hardware
      18
      0 Votes
      18 Posts
      853 Views
      B

      For anyone interested in the exciting conclusions... it worked fine in the 16x slot for 2 weeks and is still in there now
      I put an I340-T4 in the 1x slot at the same time and left that running and that has been perfectly fine as well

      It seems to be an incompatibility between the 1x slot and the I350 specifically but i'm not sure why. In either case, the issue seems to be resolved

      It may be something specific to AM5 and the I350 in the 1x, or just the I350 and the 1x alone but if anyone else for some reason tries the same, at least you know what symptoms manifest and what the cause was

      Thanks again for those that helped and commented

    • D

      Strange behaviour with alias firewalling: Pass is logged but traffic is blocked

      Watching Ignoring Scheduled Pinned Locked Moved Firewalling
      1
      0 Votes
      1 Posts
      40 Views
      No one has replied
    • T

      Kea DHCP static mappings not transfering to standby HA pair

      Watching Ignoring Scheduled Pinned Locked Moved DHCP and DNS
      1
      0 Votes
      1 Posts
      32 Views
      No one has replied
    • B

      Pfsense - OpenVpn

      Watching Ignoring Scheduled Pinned Locked Moved Español
      2
      0 Votes
      2 Posts
      160 Views
      L

      @Belcebu-Gdl

      Hola.
      Cuando ocurra el problema, yo revisaría desde el ordenador con cliente openvpn (en este caso desde el ordenador con openvpn connect) si hay conectividad al servidor openvpn (pfsense).
      Aunque no es lo más común, yo tengo el servidor openvpn escuchando en tcp en lugar de udp. Si está en tcp, puedes desde el ordenador cliente comprobar si hay conectividad con el comando telnet a la ip y puerto del servidor openvpn. De esta manera puedes ir acotando el problema y ver si el problema es de servidor, de red o del cliente.
      Un saludo.

    • L

      Problema con ping (icmp) cuando hay nat.

      Watching Ignoring Scheduled Pinned Locked Moved Español
      1
      0 Votes
      1 Posts
      19 Views
      No one has replied
    • J

      What actions are triggered by gateway going down?

      Watching Ignoring Scheduled Pinned Locked Moved Routing and Multi WAN
      2
      0 Votes
      2 Posts
      59 Views
      J

      It would seem the answer to my question is "/etc/rc.gateway_alarm" is run.

      Nothing in there for DHCP leases from what I see. More about restarting VPN sessions and flushing states.

    • L

      Data Encryption Algorithms sumiu de um dos servidores

      Watching Ignoring Scheduled Pinned Locked Moved Portuguese
      3
      0 Votes
      3 Posts
      280 Views
      L

      Reverti o servidor para outra versão e atualizei, não funcionou a parte de Data Encryption Algorithms, ela não voltou.

      Decidi parar de procurar solução, já que não obtive ajuda aqui e na internet, e resolvi colocar o wirguard no local. Mas estou ainda com algumas questões. Funcionou, estou acessando o fileserver do outro lado, mas alguns serviços como Impressora que usa SMB para fazer scaner, não envia via túnel.

    • C

      pfblockeer 3.2.8 + pfsense 2.8.0: top1m db download fail

      Watching Ignoring Scheduled Pinned Locked Moved pfBlockerNG
      4
      0 Votes
      4 Posts
      395 Views
      sretallaS

      You can download it here now:

      https://raw.githubusercontent.com/ianb/alexa-sites/refs/heads/master/top-1m.csv

    • N

      Netgate 6100 LAN crashes

      Watching Ignoring Scheduled Pinned Locked Moved Official Netgate® Hardware
      13
      0 Votes
      13 Posts
      870 Views
      N

      The problem is solved; it was indeed the network cable that had a loose connection.
      It's in the trash!
      Thank you all for your help.

    • T

      pfSense 2.7.2 in Hyper-V freezing with no crash report after reboot

      Watching Ignoring Scheduled Pinned Locked Moved Virtualization
      62
      0 Votes
      62 Posts
      9k Views
      T

      Yesterday we built a new pfSense 2.7.2 cluster, master firewall was running for over a week without problems, but about half an hour after setting up CARP and pfSync to the new slave it died with known hvevent problem. It then died several times, again and again.. Not sure but maybe it has something to do with either CARP/ConfigSync/pfSync or multicast traffic (because we know dying pfsense setups without carp configured, so might be multicast traffic in the network which triggers something).

      We have had the same experience with our only OPNsense setup, of which the master is running smoothly since we removed the slave firewall.

    • W

      Is it possible to prevent installed packages (e.g. ntopng) from accessing the Internet?

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions ntopng
      3
      0 Votes
      3 Posts
      138 Views
      W

      @dennypage said in Is it possible to prevent installed packages (e.g. ntopng) from accessing the Internet?:

      @wolffire said in Is it possible to prevent installed packages (e.g. ntopng) from accessing the Internet?:

      I really like ntopng, but I'd rather it not be able to access the internet whenever it wants.

      Is it possible to block package processes from doing so?

      You can't block individual packages. The closest you could get is to find the domain or addresses the package is accessing and block those.

      With specific regard to ntopng, I haven't examined all the callouts but I don't recall it doing much unless you were using the licensed version (activation check), or had one of ntopng's "active" modes enabled.

      Make sure you have Active Network Discovery disabled in ntopng. It's in Settings / Preferences / Network Discovery / Active Network Discovery. This option should never be enabled on pfSense. Ditto for Active Monitoring.

      Thanks for the quick answer.

      I'm a little surprised about not being able to lockdown individual processes for those 'who watches the watcher?' types of situations. Finding a dynamic workaround will be painful.

      As far as ntopng, I just don't want it to be able do anything online unless I've configured it to do so; I loath the idea of telemetry being sent off to various companies.
      Not that I've found anything (I haven't taken a serious look yet); I'm just a bit weary.

      Speaking of the settings, after reading that post about inadvertently scanning the Internet, I definitely ensured active monitoring and network discovery was turned off. 😆

    • I

      DNS Dinâmico nao atualiza com IP CARP

      Watching Ignoring Scheduled Pinned Locked Moved Portuguese
      1
      0 Votes
      1 Posts
      31 Views
      No one has replied
    • G

      Not seeing package updates except for Nexus?

      Watching Ignoring Scheduled Pinned Locked Moved Plus 25.07 Develoment Snapshots
      2
      0 Votes
      2 Posts
      111 Views
      stephenw10S

      Yes, those are the correct versions in 25.07-RC. The newer pkgs are currently only in head, what will be 25.11. They may be pulled back into 25.07 at some point if necessary though.