Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Where is the documentation?

    Scheduled Pinned Locked Moved General pfSense Questions
    56 Posts 15 Posters 14.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E Offline
      ember1205
      last edited by

      @cmb:

      Packages uninstall fine in general, the issues that were inherent in the old package system pre-2.1x were solved with the change to PBIs in 2.1 and newer.

      No matter what I tried, I could not figure out how to get Squid and SquidGuard to uninstall so that I could reinstall them. The system kept hanging. From what I could discern, it was likely related to some sort of dependency order or something. And, I can't tell whether the packages in pfSense have dependency checking or not (it seems, at first blush, that they do not since you can install squidguard without squid).

      @cmb:

      That's the nature of anything with a project that's existed for a decade. Our own sites should do a better job there in either clearly marking outdated content (talking doc.pfsense.org largely), or maybe just removing things that aren't current. Some of it just needs some updates. It's an ongoing work in progress, something I'm working on right now actually.

      I'm working on making sure we have adequate installation and introductory level documentation freely available. At this point, I would say we don't. The only place we have a well-documented "out of the box" experience today is with the hardware we sell, for which quick start guides are available.

      Quite honestly, I would expect that a lot more categorization and such of docs would be in place with a project that's been around for ten years. And, maybe the big gap is that docs and such simply aren't broken down into version-specific areas. While general installation information seems "good enough", it leaves a user with only basic functionality if there isn't any reference information to validate how to enable the additional functions properly. Maybe instead of selling a book to understand how to use the product, certain features should be licensed. Software license revenue is repeating, item sales are singular. Personally, I'm unlikely to buy a book in order to use a product when there are plenty of competing products that don't require me to buy a book.

      I have 20 years of experience with Linux and Unix systems of all kinds. I'm not terribly interested in "reverse engineering" the processes that are used in pfSense so that I can understand how to locate configuration files, control scripts / daemons, logs, and the like. If I can't quickly find the information on line of things like how to install and configure a package like squidguard, I'll move on to the next product out there. And, at this point, I'm leaning very heavily toward just going back to a custom, slim OpenSUSE install with Squid, SquidGuard, transparent proxying, iptables firewalling, and wondershaper. It covers 85% of what I want, and 100% of what I need. One of the things I "want" is a purpose-built distro that focuses on home firewalling and content control to keep the kids safe. That way, I don't have to worry about maintaining individual packages for the different pieces.

      1 Reply Last reply Reply Quote 0
      • K Offline
        kejianshi
        last edited by

        Now that we have gotten past understanding that you are annoyed with documentation…

        What are you trying to accomplish and what isn't working?

        1 Reply Last reply Reply Quote 0
        • E Offline
          ember1205
          last edited by

          @kejianshi:

          Now that we have gotten past understanding that you are annoyed with documentation…

          What are you trying to accomplish and what isn't working?

          How do I configure Captive Portal? What packages are required? What additional systems might be required?

          How do I install and configure Squid in conjunction with SquidGuard? What versions work properly together? Can I leverage any of the black lists that are out there for either in conjunction with the basic configuration?

          How do I configure QoS to reserve bandwidth for VoIP services?

          How can I configure pfSense to only allow my proxy server to access the Internet (except for HTTPS/SSL - 443)?

          How do I configure reverse proxy for web content that I server from different internal servers?

          How do I disable SSL3 and require TLS 1.0 instead?

          1 Reply Last reply Reply Quote 0
          • K Offline
            kejianshi
            last edited by

            If you take those questions and post them in a new thread, I bet they will all be answered with either a new reply or a link to an existing thread that outlines it.

            All the things you have asked about have been answered many times over, so I'm sure you will get a relevant reply quickly.

            1 Reply Last reply Reply Quote 0
            • E Offline
              ember1205
              last edited by

              @kejianshi:

              If you take those questions and post them in a new thread, I bet they will all be answered with either a new reply or a link to an existing thread that outlines it.

              All the things you have asked about have been answered many times over, so I'm sure you will get a relevant reply quickly.

              I've looked.. Anything existing that I've found deals with prior versions, isn't solved, or is part of a larger total installation (where Squid is being used only because it's required by additional items like Diladele).

              Further, I -have- posted looking for help and haven't gotten what I've requested. That isn't to say that I have gotten decent comments and such, but no one has been able to actually answer my questions.

              1 Reply Last reply Reply Quote 0
              • DerelictD Offline
                Derelict LAYER 8 Netgate
                last edited by

                So now all you're going to do is whine?

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • KOMK Offline
                  KOM
                  last edited by

                  So now all you're going to do is whine?

                  I think he's trying to volunteer to help update the docs.

                  1 Reply Last reply Reply Quote 0
                  • E Offline
                    ember1205
                    last edited by

                    @Derelict:

                    So now all you're going to do is whine?

                    I'm not whining at all. I'm pointing out that there's a massive gap between the documentation and the product. I'd be happy to try and help close that, even if it were just a little bit, if anyone at all out there could point me to some legitimate, accurate documentation for 2.1.5.

                    But, if you prefer to take it as whining, maybe you'd like to fix the docs instead?

                    1 Reply Last reply Reply Quote 0
                    • DerelictD Offline
                      Derelict LAYER 8 Netgate
                      last edited by

                      legitimate, accurate documentation for 2.1.5.

                      You know there's a book right?

                      It is not uncommon to charge a pretty penny for a fantastic book on an open source project.  Exim is one such example.  Yes, online docs exist.  The book is better.  pfSense is another, though the printed version will probably be cheaper than a Gold subscription.  (Zero affiliation other than being a gold member, btw.)

                      What you're proposing is a catch22 - point me at the legitimate, accurate documentation for 2.1.5 so I can help create legitimate, accurate documentation for 2.1.5.  If the documentation existed to your liking, you would have nothing to do.

                      I'm not whining at all.

                      "Further, I -have- posted looking for help and haven't gotten what I've requested."

                      "But I was going into Tosche Station to pick up some power converters!"

                      But, if you prefer to take it as whining, maybe you'd like to fix the docs instead?

                      I don't find them as deficient as you do.  Captive Portal is not hard to configure, for example.  The tone of this entire thread has left me with zero desire to help you.  Maybe the threads you say you started asking all these unanswered questions had the same effect on others.  Considering your litany of questions, it seems $99 for the book would be well worth the money.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S Offline
                        stephenw10 Netgate Administrator
                        last edited by

                        To be fair the book is not really an option for someone experimenting with various router/firewall projects. The fact that Chris has said he is releasing the introduction and installation chapters for free should significantly address this.

                        Steve

                        1 Reply Last reply Reply Quote 0
                        • E Offline
                          ember1205
                          last edited by

                          @Derelict:

                          "But I was going into Tosche Station to pick up some power converters!"

                          What?

                          Your "assistance" is exactly the sort of help I've been getting all through here. You haven't read the whole post (or you didn't bother to take the time to understand it) and you're just throwing out the same knee-jerk reaction you give to everyone know that "whines" that the docs are poor.

                          On line docs are good and the book is better. I'm all for that. Where's the on line docs? They're essentially non-existent for 2.1.5. The fact that everyone keeps referring to the book as "the" source for docs reconfirms this.

                          1 Reply Last reply Reply Quote 0
                          • E Offline
                            ember1205
                            last edited by

                            @stephenw10:

                            To be fair the book is not really an option for someone experimenting with various router/firewall projects. The fact that Chris has said he is releasing the introduction and installation chapters for free should significantly address this.

                            Steve

                            Steve,

                            This is very true. I want to understand this project before I commit to it all around. The fact that I can't accurately set up my instance of pfSense to test the things that are important to me pushes this project way down to the bottom of the list of contenders. And, the fact that I'm -still- here trying to get help should demonstrate that I really do want to try it.

                            1 Reply Last reply Reply Quote 0
                            • K Offline
                              kejianshi
                              last edited by

                              See if any of this answers some of your questions.

                              https://www.youtube.com/channel/UCrLC48qoJygdQOmgzmYVKBg/videos

                              https://www.youtube.com/watch?v=czU56xmJAmE

                              http://pfsensesetup.com/web-filtering-with-squidguard-part-one/

                              https://www.youtube.com/watch?v=s6BDVzTcAnw

                              https://doc.pfsense.org/index.php/Traffic_Shaping_Guide

                              https://www.youtube.com/watch?v=xUnJs5XP1y0

                              http://pfsensesetup.com/qos-management-using-the-traffic-shaper-wizard/

                              http://blogs.technet.com/b/nexthop/archive/2014/04/07/configuring-pfsense-as-a-reverse-proxy-for-lync-web-services.aspx

                              http://pfsensesetup.com/reverse-proxy-services-with-varnish-part-one/

                              https://forum.pfsense.org/index.php?topic=82914.0

                              http://www.astiostech.com/blog/?p=100

                              Not complete list - I'm sure there is more.

                              1 Reply Last reply Reply Quote 0
                              • DerelictD Offline
                                Derelict LAYER 8 Netgate
                                last edited by

                                @ember1205:

                                Where's the on line docs? They're essentially non-existent for 2.1.5. The fact that everyone keeps referring to the book as "the" source for docs reconfirms this.

                                It is, after all, called "The Definitive Guide."

                                You have, today, the documentation you have, not the documentation you want.  That is not going to change today.  Certain deficiencies have been acknowledged by those in the best position to correct them.  I don't know what else you want.  Post a thread, ask your question.  Don't use 2.1.5 in your searches, use 2.1.

                                Chattanooga, Tennessee, USA
                                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                1 Reply Last reply Reply Quote 0
                                • E Offline
                                  ember1205
                                  last edited by

                                  kejianshi

                                  Thank you for posting some links. I don't understand why there were links to POODLE discussions… ???

                                  As far as answering questions, yes... The answer is: There are no good docs available for 2.1.5 that a new user has access to for testing purposes. I don't watch videos for help with installations, and all of the other "docs" were outdated and/or don't actually take you through the process of package installation (this is the single biggest issue I have with Squid and SquidGuard).

                                  So, I guess it's settled for me... Back to an OpenSUSE build with manual installation and configuration of all of the packages. It will take me longer, but it's 100% rock solid and is something that I've been doing for almost a decade. So, I won't be learning a new system after all.

                                  1 Reply Last reply Reply Quote 0
                                  • K Offline
                                    kejianshi
                                    last edited by

                                    Poodle - because poodle is an ssl3 issue and the cure is to use tls?

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10S Offline
                                      stephenw10 Netgate Administrator
                                      last edited by

                                      I'm sorry things turned out like this for you.
                                      I have a feeling that much of this (and no doubt similar experiences other have) is down to managing expectations. pfSense has a very wide user base. It is used by networking noobs as well as seasoned firewall professionals. It can be used in place of the cheapest SOHO router or an incredibly expensive commercial firewall product. Depending where you are coming from on that spectrum your expectations are going to vary massively. Personally I came from Smoothwall via IPCop and don't remember having much difficulty getting pfSense going or struggling to find the documentation to do so. Of course as I said earlier it's hard to remember not knowing something after you become sufficiently familiar with it.  ;)

                                      I don't think anyone here would disagree that improving/updating the docs would be a good thing.

                                      Steve

                                      1 Reply Last reply Reply Quote 0
                                      • K Offline
                                        kejianshi
                                        last edited by

                                        Enjoy the linux release.

                                        1 Reply Last reply Reply Quote 0
                                        • C Offline
                                          cmb
                                          last edited by

                                          @ember1205:

                                          Maybe instead of selling a book to understand how to use the product, certain features should be licensed. Software license revenue is repeating, item sales are singular. Personally, I'm unlikely to buy a book in order to use a product when there are plenty of competing products that don't require me to buy a book.

                                          Yeah, we could, say, go the Cisco route. With the big bucks you pay for Cisco ASAs, surely they make flawless, perfectly comprehensive documentation available, right? No one would even bother writing or buying a book about a Cisco ASA, right?

                                          Go search Amazon books for Cisco ASA. 122 books matching Cisco ASA. Into double digits recent books where the ASA is the primary topic. Oh…maybe not such a brilliant plan.

                                          Show me one comparable solution that's free and has better documentation freely available. AFAIK, there isn't one. We have a good deal of up-to-date information available, and a whole lot more that's a bit dated but still easy to follow and correct on 2.2 today. You're paying somewhere.

                                          @ember1205:

                                          I have 20 years of experience with Linux and Unix systems of all kinds. I'm not terribly interested in "reverse engineering" the processes that are used in pfSense so that I can understand how to locate configuration files, control scripts / daemons, logs, and the like. If I can't quickly find the information on line of things like how to install and configure a package like squidguard, I'll move on to the next product out there.

                                          I don't get what's so difficult - we're extremely widely used because you don't need to "reverse engineer" or "forward engineer" all the intricacies of the underlying components. The system is largely self-documented with descriptive text on every page of the web interface. Anyone with experience with commercial-grade firewalls tends to pick things up quickly. Those who haven't dealt with anything more complex than a Linksys have a learning curve, but that'd be true regardless of what comparable-grade product you threw in front of them.

                                          If you know enough to manually configure these things, you can surely figure out the web interface. Any question you might have has almost certainly been asked and answered before, likely several times - there are over 437,000 posts here today. Google site:forum.pfsense.org or site:pfsense.org to catch all our sites.

                                          1 Reply Last reply Reply Quote 0
                                          • DerelictD Offline
                                            Derelict LAYER 8 Netgate
                                            last edited by

                                            Dude was an iptables troll, dare I say dick.  I've been watching for the last couple days and I have seen a few questions answered with links into the doc wiki.  No, they weren't current with 2.1.5 but were more than enough information to get the config correct.

                                            Nothing could get me to migrate from pf to iptables.  Nothing.

                                            Chattanooga, Tennessee, USA
                                            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                            Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.