• 0 Votes
    8 Posts
    121 Views

    @ThePowerPig
    So add an additional rule to allow access to internal subnets (best to create an RFC 1918 alias for this purpose), but at least for the IPs you want to access from the device in question, and move this rule up above the policy routing rule.

  • How to update to the latest Telegraf version

    pfSense Packages
    9
    0 Votes
    9 Posts
    1k Views

    @rocket

    Updated July 20-2025

    pfsense 24.11 - Telegraf freebsd-15

    pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/telegraf-1.35.1.pkg

    pfsense 2.7.2 - Telegraf freebsd-14

    pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/telegraf-1.35.1_1.pkg

    https://www.freshports.org/net-mgmt/telegraf/#history

  • 0 Votes
    4 Posts
    143 Views
    stephenw10

    Yup, there was a backend issue. Should be good now.

  • System - Package Manager - Available Packages

    General pfSense Questions
    5
    0 Votes
    5 Posts
    139 Views

    @SteveITS

    Thank you for the clarification. You're right — better to be safe. I’ll update FW2 when I'm on site, and then FW1, which is my usual one.

  • Not understanding Boot Environments

    General pfSense Questions
    4
    0 Votes
    4 Posts
    156 Views
    stephenw10

    Mmm that^.

    However what you will see is that after booting back into the 24.11 BE the update branch will still be set to 25.07-RC because that was the last thing that was done before the upgrade took the snapshot. So if you plan to run 24.11 for some time after reverting you would need to set the update branch back to 24.11 in that BE before doing any package operations.

  • Updated PIMD package (beta)

    pfSense Packages
    1
    0 Votes
    1 Posts
    82 Views
    No one has replied
  • New pfblockerNG install Database Sanity check Failed

    pfBlockerNG
    39
    0 Votes
    39 Posts
    4k Views

    @Laxarus This worked for me as well. Though I had to search the web how to edit the file (the easiest way).

    Therefore:

    Addition for anyone struggling to find where to edit files on your pfsense system.

    Go to Diagnostics --> Edit File --> insert the location of the file:

    /usr/local/pkg/pfblockerng/pfblockerng.sh

    Go to line number 1232 by filling it in the Go to line field.

    That line should read:

    s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})"

    replace only (leave the rest intact):

    masterfile

    to

    mastercat

    Then follow the above instructions from @Laxarus https://forum.netgate.com/post/1219635

  • 0 Votes
    6 Posts
    116 Views
    johnpoz

    @rasputinthegreatest well blocking and not log would just be any any udp to that ff0e::c address or port 1900 anything, etc. And don't have it log.

    As to the scanners - that is a pfblocker alias I have.. And put that in a floating rule.


  • New PPPoE backend, some feedback

    Development
    225
    0 Votes
    225 Posts
    33k Views

    @RobbieTT

    Be aware that I am not at all saying that a user can directly access the ISP-node, but I am sure that PPOE interface can !!

    Whatever, if it helps, I am absolutely OK to activate PPOE debug logging for a short period!

    Note that my actual config is like this
    ISP => ISP-fiber-interface => one of my small switches => pfSense.

    Internet should arrive via VLAN 6, IPTV via VLAN4 and (Old) VoIP via VLAN7.
    Untagged routed to vlan1 and vlans (internet) are routed to pfSense.

    I did add vlan1 to be quite sure that even untagged messages are passing to pfSense. Normally I would simply have blocked untagged. However the PPPOE is assigned to VLAN6.

  • 0 Votes
    2 Posts
    145 Views

    The repo seems to be back online today Jul 19th, I was able to complete the fresh install.

  • Load balancing not actually balanced?

    Routing and Multi WAN
    3
    0 Votes
    3 Posts
    114 Views

    @Nicholas97 Sticky connections are not enabled. Gateway status is fine. Weights for each LAN are set to 1 which should be fine for 2x gigabit connections and total bandwidth used of less than 1gbps. Will look at the logs but will have to figure out what I'm looking for ... will report back.

    I have read the multiwan load balancing docs pretty well and searched the forums here before posting this originally. Unless there are other pfsense forums you're referring to?

  • CE v2.8.0 issues

    Problems Installing or Upgrading pfSense Software
    4
    1 Votes
    4 Posts
    325 Views
    stephenw10

    Hmm, but they are policy based tunnels? And 300 Phase 1 configs not a total of 300 Phase 2 configs for example?

    I'm not aware of any issue in 2.8 that might present like that for IPSec.

  • 0 Votes
    3 Posts
    59 Views

    and then it worked...

  • How to download pfsense 2.8.0?

    Russian
    3
    0 Votes
    3 Posts
    88 Views

    @werter
    Thanks for the links!
    The stream of negativity toward the netinstaller has already begun.
    Looks like they're going to strangle pf CE...

  • Amcrest Camera Function Direct VPN vs Site to Site

    WireGuard
    1
    0 Votes
    1 Posts
    44 Views
    No one has replied
  • pfSense Plus 25.07 Beta Now Available

    Messages from the pfSense Team
    28
    4 Votes
    28 Posts
    2k Views
    brezlord

    UI Update output.

    >>> Updating repositories metadata...
    Updating pfSense-core repository catalogue...
    Fetching meta.conf: . done
    Fetching data.pkg: . done
    Processing entries: . done
    pfSense-core repository update completed. 5 packages processed.
    Updating pfSense repository catalogue...
    Fetching meta.conf: . done
    Fetching data.pkg: .......... done
    Processing entries: .......... done
    pfSense repository update completed. 733 packages processed.
    All repositories are up to date.
    >>> Setting vital flag on pkg...done.
    >>> Setting vital flag on pfSense...done.
    >>> Renaming current boot environment from 25.03 to 25.03_20250719205419...done.
    >>> Cloning current boot environment 25.03_20250719205419...done.
    >>> Removing vital flag from php83...done.
    >>> Upgrading packages in cloned boot environment 25.03...
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    Checking for upgrades (10 candidates): .......... done
    Processing candidates (10 candidates): .......... done
    The following 10 package(s) will be affected (of 0 checked):
    Installed packages to be UPGRADED:
        if_pppoe-kmod: 25.03.b.20250515.1415.1500029 -> 25.07.r.20250715.1733.1500029 [pfSense]
        pfSense: 25.03.b.20250515.1415.1500029 -> 25.07.r.20250715.1733.1500029 [pfSense]
        pfSense-base: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense-core]
        pfSense-boot: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense-core]
        pfSense-default-config-serial: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense]
        pfSense-kernel-pfSense: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense-core]
        pfSense-pkg-Nexus: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense]
        pfSense-pkg-System_Patches: 2.2.21_1 -> 2.2.21_2 [pfSense]
        pfSense-repoc: 20250419 -> 20250520 [pfSense]
        unbound: 1.22.0_1 -> 1.23.0 [pfSense]
    Number of packages to be upgraded: 10
    The operation will free 12 MiB.
    214 MiB to be downloaded.
    [1/10] Fetching unbound-1.23.0.pkg: .......... done
    [2/10] Fetching pfSense-pkg-System_Patches-2.2.21_2.pkg: ......... done
    [3/10] Fetching if_pppoe-kmod-25.07.r.20250715.1733.1500029.pkg: ... done
    [4/10] Fetching pfSense-pkg-Nexus-25.07.r.20250715.1733.pkg: .......... done
    [5/10] Fetching pfSense-kernel-pfSense-25.07.r.20250715.1733.pkg: .......... done
    [6/10] Fetching pfSense-base-25.07.r.20250715.1733.pkg: .......... done
    [7/10] Fetching pfSense-25.07.r.20250715.1733.1500029.pkg: .......... done
    [8/10] Fetching pfSense-boot-25.07.r.20250715.1733.pkg: .......... done
    [9/10] Fetching pfSense-default-config-serial-25.07.r.20250715.1733.pkg: . done
    [10/10] Fetching pfSense-repoc-20250520.pkg: .......... done
    Checking integrity... done (0 conflicting)
    [1/10] Upgrading unbound from 1.22.0_1 to 1.23.0...
    ===> Creating groups
    Using existing group 'unbound'
    ===> Creating users
    Using existing user 'unbound'
    [1/10] Extracting unbound-1.23.0: .......... done
    [2/10] Upgrading pfSense-repoc from 20250419 to 20250520...
    [2/10] Extracting pfSense-repoc-20250520: .. done
    [3/10] Upgrading if_pppoe-kmod from 25.03.b.20250515.1415.1500029 to 25.07.r.20250715.1733.1500029...
    [3/10] Extracting if_pppoe-kmod-25.07.r.20250715.1733.1500029: .. done
    [4/10] Upgrading pfSense-boot from 25.03.b.20250515.1415 to 25.07.r.20250715.1733...
    [4/10] Extracting pfSense-boot-25.07.r.20250715.1733: .......... done
    [5/10] Upgrading pfSense-pkg-System_Patches from 2.2.21_1 to 2.2.21_2...
    [5/10] Extracting pfSense-pkg-System_Patches-2.2.21_2: .......... done
    [6/10] Upgrading pfSense-pkg-Nexus from 25.03.b.20250515.1415 to 25.07.r.20250715.1733...
    [6/10] Extracting pfSense-pkg-Nexus-25.07.r.20250715.1733: .......... done
    [7/10] Upgrading pfSense-kernel-pfSense from 25.03.b.20250515.1415 to 25.07.r.20250715.1733...
    [7/10] Extracting pfSense-kernel-pfSense-25.07.r.20250715.1733: .......... done
    [8/10] Upgrading pfSense-base from 25.03.b.20250515.1415 to 25.07.r.20250715.1733...
    [8/10] Extracting pfSense-base-25.07.r.20250715.1733: ... done
    ===> Keeping a copy of current version mtree
    ===> Removing schg flag from base files
    ===> Extracting new base tarball
    ===> Removing static obsoleted files
    [9/10] Upgrading pfSense from 25.03.b.20250515.1415.1500029 to 25.07.r.20250715.1733.1500029...
    [9/10] Extracting pfSense-25.07.r.20250715.1733.1500029: .......... done
    [10/10] Upgrading pfSense-default-config-serial from 25.03.b.20250515.1415 to 25.07.r.20250715.1733...
    [10/10] Extracting pfSense-default-config-serial-25.07.r.20250715.1733:
    [10/10] Extracting pfSense-default-config-serial-25.07.r.20250715.1733... done
    Failed

  • 0 Votes
    11 Posts
    387 Views

    @70tas Indeed the global token does not work anymore, you must use the API token. And then for the login, do not use your email address. As I wrote before: "One must use the Zone ID when using the API token."

    I have this working using the DDNS GUI. I only needed the script for debugging.

  • 0 Votes
    18 Posts
    2k Views
    JonathanLee

    @aGeekhere They just released Squid 7 and it is stable if you want to check it out

    "The Squid HTTP Proxy team is very pleased to announce the availability
    of the Squid-7.1 release!

    This release is, we believe, stable enough for general production use.
    We encourage all users of any previous major version of Squid to upgrade to it,
    as well as users of beta version 7.0.X.

    It can be downloaded from GitHub, at
    https://github.com/squid-cache/squid/releases/tag/SQUID_7_1

    Since version 6, Squid offers:

      better support for overlapping IP ranges and wildcard domains in acl
      countless security, portability, and documentation fixes

    Since version 6, some previously deprecated features have been removed:

      Edge Side Includes (ESI)
      access to the cache manager using the cache_object:// scheme - use http instead
      the squidclient tool - use curl http://<squid-address>/squid-internal-mgr/menu instead
      the cachemgr.cgi tool
      the purge tool - use the http PURGE method instead
      Ident protocol support
      basic_smb_lm_auth and ntlm_smb_lm_auth helpers - use Samba's ntlm_auth instead

    Further details can be found in the release notes and in the changelog

    Please remember to run "squid -k parse" when testing the upgrade to a new
    version of Squid. It will audit your configuration files and report
    any identifiable issues the new release will have in your installation
    before you "press go".

    If you encounter any issues with this release please file a bug report at
    https://bugs.squid-cache.org/

    --
    Francesco Chemolli

    squid-users mailing list
    squid-users@lists.squid-cache.org
    https://lists.squid-cache.org/listinfo/squid-users"

    I am having issues with this right now

    "I got as far as this with the make clean install no matter what I do I can’t get this package installed. I have tried pkg install heimdal same error after install and pkg install krb5 and pkg install krb5-devel. I don’t know what I am doing wrong it does the make clean for a while and crashes for the bootstrap version the other one I could get going

    ERROR: checking whether S5L_CTX_sess_set_get_cb() callback accepts a const ID argument" ... yes checking "whether X509_get0_signature() accepts const parameters" ... yes checking whether the TXT_DB use OPENSSL_PSTRING data member... yes checking whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_V alue should used... no checking whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used ... yes configure: OpenSSL library support: yes -lcrypto -lss1 configure "Library -Kit-kros" support: no (auto) /configure: LIBHEIMDAL_KRB5_PATH+=-L/usr/lib: not found /configure: LIBHEIMDAL_KRB5_CFLAGS+=-1/usr/include: not found checking for LIBHEIMDAL_KRB5... no configure: error: Required library 'heimdal-krb5' not found ニニニン Script "configure" failed unexpectedly. Please report the problem to timp87@gmail.com maintainerl and attach the '/usr/ports/uuu/squid/uork/squid-7.1/config.log" including the output of the failure of your make command. Also, it might be a good idea to provide an overview of all packages installed on your system te.g. a /usr/local/sbin/pkg-static into -g -tal. *** Error code 1 Stop. makel1]: stopped in /usr/ports/www/squid *** Error code 1 Stop. make: stopped in /usr/ports/www/squid root@free:/usr/ports/www/squid #"

    it gets so far along and fails with this error.

  • PHP memory error

    pfBlockerNG
    5
    0 Votes
    5 Posts
    424 Views

    Thanks everyone. That did it. No more errors!!

  • Wireguard performance - where's the limitation?

    WireGuard
    3
    0 Votes
    3 Posts
    130 Views

    @Bob-Dig thanks
    But I cannot understand why the FTP performance is crippled when going via Wireguard and not when going via the WAN.
    The same happens for NFS and SMB file sharing protocols. The performance over Wireguard is rather poor, although I haven't tried these over an unencrypted WAN for obvious reasons so can't really compare.