Showing results for tags 'pfsense'.

Found 5 results

  1. Originally was going to use wireguard on 1 VM but found I had to start routing more than I originally planned. So I've now switched to setting up wireguard in pfsense.

     I got wireguard in pfsense and all is fine with wireguard itself (at least I think it's not the issue). Now want to direct some traffic out wireguard and other traffic out WAN.

     Once I connect the wireguard all NON-vpn devices lose access to the Internet - they can still communicate with each other inside the network but lose the ability to do anything internet based. However my VPN devices are working as they should. I haven't confirmed they are doing DNS properly yet as I want to get my other devices working first.

     To get wireguard working I used steps from:

     Basically I only have a few hosts to send out wireguard, the majority will use WAN (including DHCP clients). I'd like to take a group of IPs and make those go out the VPN, and anything else not.

     WAN interface has public internet IP - 68.x.x.x
     LAN gateway, this is gateway on all devices -
     DHCP Range - -
     Created an alias:
     NAT/Outbound - Hybrid Outbound

     I THINK this is allowing the wanted "protected" devices out via the VPN - this is good and what I'm wanting.

     In Firewall/Rules/LAN I have the following:

     Most examples for building this type of routing rules have involved openVPN and are from 2015. While this should be getting me close I still am not getting it to work.

     The things I've read indicate that the VPN connection should become a second gateway, and I'd just set that as the gateway on the VPN devices. However when I bring the wireguard connection up there is no second gateway getting auto-magically created. Do I have to create one? Shouldn't the rules I've put in place allow the flow of traffic over VPN, and if not meeting VPN then it flows over regular?
  2. Hello Community - First of all I hope that all is well with all. These are troubling times that we currently are in. May Peace and Love Prevail.

     As Always The Intro - Lyrics by Jimi here - https://genius.com/Jimi-hendrix-power-of-love-lyrics and video : Power of Love - https://www.youtube.com/watch?v=-k-9Hb7RdgY
     Bonus - We Gotta Live Together (Live At Filmore East, 1970 / 50th Anniversary) - Lyrics - https://genius.com/Jimi-hendrix-we-gotta-live-together-live-at-filmore-east-1970-50th-anniversary-lyrics and video - https://www.youtube.com/watch?v=OOIuSsA72nM

     Now - let's get down to business. I recently bought a new mini-pc ( Qotom-Q375G4 Intel Core I7-5500U ) and I installed pfSense on it along side OPNsense. This little beast has 1 x Minipcie port (for mSATA SSD) and regular 1 x SATA Port on which I installed a Samsung SSD 860 EVO 250GB 2.5 Inch SATA III Internal SSD.

     So, OPNsense offers plugins and it is very easy to add the modules. Netdata is one of these plugins and I love it. Unfortunately, pfSense does not offer this as a native package. So, I set out to be able to install Netdata on pfSense. I looked around and found that this was not that difficult to achieve. So, I am putting this together for those who may wish to monitor their pfSense router with Netdata. Netdata boasts - Monitor everything in real time for free with Netdata. See here : https://github.com/netdata/netdata

     OK - here is what you need to do in order to get Netdata up and running on pfSense. I followed this guide here : https://learn.netdata.cloud/docs/agent/packaging/installer/methods/pfsense - Honestly this is a great guide - one of the best I have read.

     First - you need to install these four packages from the pfSense package repo with the following command below via SSH -

         1 - # pkg install -y pkgconf bash e2fsprogs-libuuid libuv nano

     Next ( just follow the aforementioned guide ) - however you must always check the FreeBSD repo to see that you have the latest packages listed below; otherwise you will get an error message that " the package was not found ".

     Also, I have found as of late that if you try to access the main FreeBSD repo by entering the " https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/ " url - you will get the " 403 Forbidden - nginx error ". This precludes you from viewing the current FreeBSD package list. I searched around and found a FreeBSD package repo that seems to be up and stable - it is " http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/ " located in South Africa. Virtually all of the FreeBSD package repos are inaccessible as well. Oddly enough you are still able to download the FreeBSD packages from the main repo - it is just that you can not see the repo packages ( to check package latest versions by entering the url ). With that being said - let's proceed.

     So here we begin the process of installing the necessary packages from the FreeBSD repo. Some of these packages have been updated since the time that the referenced tutorial ( https://learn.netdata.cloud/docs/agent/packaging/installer/methods/pfsense ) was written / Last updated on 5/19/2020. Also - remember to install the packages for your architecture. pfsense 2.4.5_1 is based on FreeBSD 11.3-STABLE - so you would go to : http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/ for your packages. If you are like me and you run pfsense 2.5.0 ( Development Snapshots which are based on FreeBSD 12.0 ) you will need packages from : http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/ - With that all out of the way - no more delays.

     Install these packages from the FreeBSD repo ( for pfSense 2.5.0 ) in the exact order as listed via SSH as shown below :

         2 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/Judy-1.0.5_2.txz
         3 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-certifi-2020.6.20.txz
         4 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-asn1crypto-1.3.0.txz
         5 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-pycparser-2.20.txz
         6 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-cffi-1.14.0_1.txz
         7 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-six-1.14.0.txz
         8 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-cryptography-2.6.1.txz
         9 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-idna-2.8.txz
         10 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-openssl-19.0.0.txz
         11 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-pysocks-1.7.1.txz
         12 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-urllib3-1.25.7,1.txz
         13 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-yaml-5.3.1.txz
         14 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/netdata-1.23.1.txz

     Install these packages from the FreeBSD repo ( for pfsense 2.4.5_1 ) in the exact order as listed via SSH as shown below :

         2 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/Judy-1.0.5_2.txz
         3 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-certifi-2020.6.20.txz
         4 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-asn1crypto-1.3.0.txz
         5 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-pycparser-2.20.txz
         6 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-cffi-1.14.0_1.txz
         7 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-six-1.14.0.txz
         8 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-cryptography-2.6.1.txz
         9 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-idna-2.8.txz
         10 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-openssl-19.0.0.txz
         11 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-pysocks-1.7.1.txz
         12 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-urllib3-1.25.7,1.txz
         13 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-yaml-5.3.1.txz
         14 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/netdata-1.23.1.txz

     After installing all these packages above Netdata is installed on your pfSense Box. We must now configure Netdata. As the guide says you must edit the following file " /usr/local/etc/netdata/netdata.conf ". You may accomplish this through the WEBGUI or by using Nano. For WEBGUI - from top line Menu go to Diagnostics > from drop down menu go to > Edit File. Paste " /usr/local/etc/netdata/netdata.conf " in " Path to file to be edited " Box - then click on " Load ". The file will appear and you can edit it easily from here.

     Third line from the bottom - you must change ( designate ) the " bind to = " address from default " " to something else. The guide suggests the address of " " - I change the address to that of my LAN IP Address. For example if your LAN IP is - enter that address as follows : " bind to = " then click on Save. I do this to restrict access to Netdata on my pfSense instance.

     Now we need to set up Netdata to start on boot up. The author notes that " To start Netdata manually, run service netdata onestart. " - this is only good for one time start. You now can enter Netdata by going to after manual start in this example. The guide suggests using Shellcmd utility in order to start Netdata at boot. I disagree and will show you how to start Netdata at boot the standard pfSense way. See below -

     Start Netdata At Boot:

     1 - In pfSense, the Netdata configuration files are located under /usr/local/etc/netdata. See the very bottom of the page for this information. So in order to start Netdata at boot do the following :

     A - Issue following command via SSH -

         # mv /usr/local/etc/rc.d/netdata /usr/local/etc/rc.d/netdata.sh

     B - Make the new file executable - I run two commands - works for me

         # chmod 744 /usr/local/etc/rc.d/netdata.sh
         and
         # chmod a+x /usr/local/etc/rc.d/netdata.sh

     C - Edit new file go to line 37 : ${netdata_enable="NO"} and change from : ${netdata_enable="NO"} to : ${netdata_enable="YES"}

     You may edit file " /usr/local/etc/rc.d/netdata.sh " as before either through WEBGUI or Nano. Reboot your pfSense router and you will see that Netdata starts on boot.

     Enjoy and Peace Always Unto You and The Entire World.
  3. Dear TorGuard Pfsense WireGuard Users,

     Please Read The Entire Guide / Tutorial Before You Begin - It Will Save You Potential Setup Issues and Detail All Setup Options

     First you all know the drill by now - " The Intro " to pay homage to an all time oft forgotten Stax Great who speaks my mind right about now / lyrics - https://genius.com/Otis-redding-respect-lyrics and video : https://www.youtube.com/watch?v=7BDw-H_hUzw - and Nina Simone to boot : lyrics : https://genius.com/Nina-simone-mississippi-goddam-lyrics and video : https://www.youtube.com/watch?v=LJ25-U3jNWM

     Hello and I hope all are safe and well. Ascrod has been kind enough to make available a package for WireGuard on pfsense. I have tested the package and would like to recommend this to all of those who might be interested. The package thread and discussion are found here : https://forum.netgate.com/topic/150943/i-made-a-wireguard-package-for-pfsense and here on Github : https://github.com/Ascrod/pfSense-pkg-wireguard
     Here are Ascrod assets in releases on github : https://github.com/Ascrod/pfSense-pkg-wireguard/releases

     There is a webgui for WireGuard and it works well. The package works very well on pfsense 2.4.5. I was finally able to build my own Lucasnz pfsense 2.5.0 package successfully - and it worked as intended. Read the update for pfsense 2.5.0 pfSense-pkg-wireguard below. There also is a fork of this pfsense package developed by Ashus / pfSense-pkg-wireguard found here : https://github.com/Ashus/pfSense-pkg-wireguard

     Lucasnz see here for homepage : https://github.com/lucasnz/pfSense-pkg-wireguard
     lucasnz/pfSense-pkg-wireguard forked from Ascrod/pfSense-pkg-wireguard
     Here are Lucasnz assets in releases on github : https://github.com/lucasnz/pfSense-pkg-wireguard/releases/tag/v1.0.1
     Please Note He Has Only One Package Which Is For pfSense 2.4.5 . If you want Lucasnz for pfSense 2.5.0 then you may either use the pre-compiled package I offer up here or build your own by following the tutorial provided below.

     For those interested - I have one link to a tutorial and another which points you to an already compiled Lucasnz package for pfsense 2.5.0 - which is based on FreeBSD 12. The tutorial illustrates and instructs you how to build your own Lucasnz pfSense-pkg-wireguard-1.0.1.txz package. The reason that I chose Lucasnz is because " that it just works ". Lucasnz WireGuard for pfsense survives reboots, upgrades - and has no issues with DNS or any such other related problems. The links are here below for all those interested :

     https://drive.google.com/file/d/1b8coPZvqmhisHpoFBfOBV9BYaH917yaC/view?usp=sharing / tutorial link
     https://drive.google.com/file/d/1SaggDk6-1BOwcSa4-498jQfGZICqqvsb/view?usp=sharing / package download

     These really work well IMHO - so I hope this helps and a word to the wise should be sufficient. I am going to try to get Ashus / pfSense-pkg-wireguard to work on pfsense 2.5.0 and I will report my findings.

     UPDATE BELOW :

     Well, I got in touch with Ashus - and he was kind enough to build and compile a " proper and official " pfSense-pkg-wireguard-1.0.1-freebsd12-amd64.txz ( this is the package needed for pfsense 2.5.0 ) . Here are Ashus assets in releases on github : https://github.com/Ashus/pfSense-pkg-wireguard/releases
     By using Ashus packages you can either install pfSense-pkg-wireguard-1.0.1-freebsd11-amd64.txz ( for pfsense 2.4.5 / based on FreeBSD 11 ) or use his new pfSense-pkg-wireguard-1.0.1-freebsd12-amd64.txz ( for pfsense 2.5.0 -devel - based on FreeBSD 12 ) .

     Always check https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/ or https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/ for the latest packages in the FreeBSD Repo depending on your architecture - especially as bash, wireguard-go, and wireguard packages are updated periodically.

     I have found as of late that if you try to access the main FreeBSD repo by entering the " https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/ " url - you will get the " 403 Forbidden - nginx error ". This precludes you from viewing the current FreeBSD package list. I searched around and found a FreeBSD package repo that seems to be up and stable - it is " http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/ " or http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/ which is located in South Africa. Virtually all of the FreeBSD package repos are inaccessible as well. Oddly enough you are still able to download the FreeBSD packages from the main repo - it is just that you can not see the repo packages ( to check package latest versions by entering the url ). With that being said - let's proceed.

     The complete needed software installation is outlined like this here - see below :

     Use Putty or Kitty to enter an SSH session on your pfsense router in order to proceed :

     Or Use FreeBSD Mirror - http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/

     These packages indicated below are correct and updated as of 10/19/2020 / always remember check FreeBSD package repo for latest dependency packages

     The procedure detailed below is for pfsense 2.5.0 / FreeBSD 12 :
     Best To Use FreeBSD Mirror - http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/

         1. pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/bash-5.0.18_3.txz
         2. (opt.) pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/bash-completion-2.11,2.txz
         3. pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/wireguard-go-0.0.20200320.txz
         4. pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/wireguard-1.0.20200827.txz
         5. pkg add https://github.com/Ashus/pfSense-pkg-wireguard/releases/download/v1.0.1b/pfSense-pkg-wireguard-1.0.1-freebsd12-amd64.txz

     Best To Use FreeBSD Mirror - http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/
     This procedure detailed below is for pfsense 2.4.5 / FreeBSD 11 :

         1. pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/bash-5.0.18_3.txz
         2. (opt.) pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/bash-completion-2.11,2.txz
         3. pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/wireguard-go-0.0.20200320.txz
         4. pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/wireguard-1.0.20200827.txz
         5. pkg add https://github.com/Ashus/pfSense-pkg-wireguard/releases/download/v1.0.1b/pfSense-pkg-wireguard-1.0.1-freebsd11-amd64.txz

     Please Note and Understand : I strongly recommend using Lucasnz pfSense-pkg-wireguard-1.0.1.txz package for the reasons detailed above.

     For pfSense 2.4.5 ( Based on FreeBSD 11 ) in step # 5 substitute the line below :

         5. pkg add https://github.com/lucasnz/pfSense-pkg-wireguard/releases/download/v1.0.1/pfSense-pkg-wireguard-1.0.1-freebsd11-amd64.txz

     For Lucasnz for pfSense 2.5.0 ( Based on FreeBSD 12 ) -

     1 - Download the already compiled Lucasnz pfSense-pkg-wireguard-1.0.1.txz package above ( or build your own from tutorial above ) to usb drive or desktop folder where you can find this later.

     2 - Next fire up your pfSense 2.5.0 router. WinSCP ( scp protocol ) into your 2.5.0 router and transfer ( drag and drop ) the Lucasnz pfSense-pkg-wireguard-1.0.1.txz from the local directory you exported it to earlier ( in this case on my Windows 10 machine ) into the /root directory of your pfSense 2.5.0 router.

     3 - Finally, for pfSense 2.5.0 in step # 5 substitute the line below :

         5. pkg add pfSense-pkg-wireguard-1.0.1.txz ( Use / substitute your WinSCP transferred package here )

     You can also try Ascrod's Wireguard package but this is described in detail in the first link above. Ashus has more features - you can read the documentation for each and make your decision. These are Ashus' Wireguard setup directions below :

     Configuration

     Configure an interface and any number of peers. Then go to the Assign Interfaces screen and create a new interface for tunwg0. Name it, enable it, and don't touch any other settings. Once the interface is up, you can create firewall rules for it, forward ports to it, and generally treat it the same as a physical interface. It should also persist across reboots.

     If there is a need for more interfaces, add the tunwg1.conf or more files with incremental interface number to /usr/local/etc/wireguard/. Unfortunately those cannot be currently edited via GUI, and every time you add more, you need to reinstall this package or wireguard service. Each time the service is reinstalled, all tunnels are detected from files again, so they could persist across reboots and could be reloaded from GUI all at once.

     For help with configuring WireGuard, please read the official documentation . The unofficial documentation and examples may also be helpful.

     1 - You must fill in your TorGuard WireGuard information in the WireGuard webgui - under VPN > WireGuard > Interface and VPN > WireGuard > Peers - and Save Both entries. See this tutorial here for directions as to how to generate your TorGuard Wireguard Configuration Files : https://forums.torguard.net/index.php?/topic/1698-pfsense-wireguard-client-working-with-catch-22/ Read Step 2 on that page for detailed explanation

     2 - Create WireGuard Interface with this command :

         # wg-quick up tunwg0

     Then go to Interfaces > Assign Interfaces. Add tunwg0 ( opt 1 , 2 etc depending on your setup ). Name it, enable it, and don't touch any other settings.

     3 - Then setup firewall rules for tunwg0 - there are many firewall setup options to be found here : https://forum.netgate.com/topic/150943/i-made-a-wireguard-package-for-pfsense Just read through the thread. If you want a simple firewall rule setup see below :

     4 - Now head to pfSense WEBGUI in order to configure Wireguard Interface ( created earlier ) and FireWall Rule. First, go to Interfaces > Assignments - you will see tunwg0 interface - click (+) add button / symbol. Once the tunwg0 interface is listed as ( OPT 1 - 2 depending on your setup ) - Click underneath it - enter check in " Enable interface " - and enter description - I call mine " WIRE " - DO NOTHING ELSE HERE ! Save and Apply - Done with this phase.

     5 - Next - Firewall Rule - go to Firewall > NAT > Outbound. Once on this Landing Page put a Dot in radio button Hybrid outbound NAT rule generation - Click on Save - Do Not - Repeat Do Not Click Save and Apply At This Time - Instead Click on Add Square with Up Arrow ( underneath Mappings ). On the page which opens change Interface from WAN in drop down menu to your WireGuard ( tunwg0 ) Interface which you created and labeled previously - in this example " WIRE " . Next - Change Source Address to " ANY " from the drop down menu. Leave / Set Translation/target to Interface address. Enter " Description " - e.g. " Made For Wire " - now Click " Save " at bottom of page. You will be taken back to Firewall:Nat:Outbound Landing Page - Click on " Apply Changes " in right upper hand corner - Done with Firewall Rule. This rule is the only one you need.

     Now that your TorGuard WireGuard Client is installed and ready - you may enter command

         # /usr/local/etc/rc.d/wireguard.sh restart

     in order to start it up. You may also reboot your pfsense Router.

     Hope this helps someone - See screenshots below for illustrative purposes - enjoy !!! Naturally substitute your own TorGuard WireGuard connection information

     Peace,
     directnupe
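
The `pkg add http://...` steps in results 2 and 3 above pull each package from the mirror over plain HTTP, so nothing authenticates the file that ends up installed. One way to add that check, as an added example that is not from either post: download the files first, verify them against pinned SHA-256 digests, and only then run `pkg add` on the local copies. The function names, the manifest format and the source of the pinned digests (recorded from a channel you trust) are assumptions of this example.

```shell
#!/bin/sh
# Added example: check downloaded .txz files against pinned SHA-256 digests
# before `pkg add`. Manifest format (an assumption of this example): one
# "<sha256>  <filename>" pair per line, listed in install order.

# FreeBSD/pfSense ships sha256(1); Linux ships sha256sum(1).
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | awk '{print $1}'
    fi
}

# verify_manifest DIR MANIFEST
# Prints "verified" and returns 0 only if every listed file exists in DIR and
# matches its pinned digest. Otherwise prints "missing:<file>" or
# "mismatch:<file>" for the first bad entry and returns 1.
verify_manifest() {
    vm_dir=$1
    while read -r vm_sum vm_name; do
        case $vm_sum in ''|'#'*) continue ;; esac   # skip blank/comment lines
        if [ ! -f "$vm_dir/$vm_name" ]; then
            echo "missing:$vm_name"; return 1
        fi
        vm_sum=$(printf '%s' "$vm_sum" | tr 'A-F' 'a-f')
        if [ "$(file_sha256 "$vm_dir/$vm_name")" != "$vm_sum" ]; then
            echo "mismatch:$vm_name"; return 1
        fi
    done < "$2"
    echo "verified"
}

# install_verified DIR MANIFEST
# Runs `pkg add` on the local files in manifest order, but only after the
# whole set has verified, so one bad download stops the chain before any
# dependency is installed.
install_verified() {
    verify_manifest "$1" "$2" >/dev/null || { echo "refusing to install"; return 1; }
    while read -r iv_sum iv_name; do
        case $iv_sum in ''|'#'*) continue ;; esac
        pkg add "$1/$iv_name" </dev/null || return 1
    done < "$2"
}

# Constructed demo (no network, no pkg): one stand-in file and its pin.
demo_dir=$(mktemp -d)
printf 'constructed package bytes\n' > "$demo_dir/example-1.0.txz"
printf '%s  %s\n' "$(file_sha256 "$demo_dir/example-1.0.txz")" \
    example-1.0.txz > "$demo_dir/pins"
verify_manifest "$demo_dir" "$demo_dir/pins"
printf 'tampered\n' >> "$demo_dir/example-1.0.txz"   # simulate altered bytes
verify_manifest "$demo_dir" "$demo_dir/pins" || true
rm -rf "$demo_dir"
```

On the router, `install_verified /root/pkgs /root/pkgs/pins` would replace the individual `pkg add URL` lines once the files have been downloaded into that directory; both paths are placeholders.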
  4. Is it possible to get torguard working in PFSense with Stunnel? Or some other way to stop the constant Authenticate/Decrypt packet errors I get which reduces the connection to a crawl when I use UDP on a Virgin media connection? I’ve found using TCP stops the errors but the speed is then abysmal. If I use the torguard client with stunnel enabled however the speeds improve. The only problem is I need stunnel working on pfsense not the client. Any help appreciated.
  5. If you are lucky to have pfsense box, then use this hack to create foolproof kill switch:

     Firewall > Rules, Floating tab

     Action: Pass
     Disabled: unchecked
     Quick: checked
     Interface: WAN
     Direction: out
     TCP/IP Version: IPv4
     Protocol: UDP
     Source: any
     Destination: TorGuard's IP ADDRESS
     Destination port range: VPN X port of TorGuard's VPN server

     Then below that rule:

     Action: Reject
     Disabled: unchecked
     Quick: checked
     Interface: WAN
     Direction: out
     TCP/IP Version: IPv4
     Protocol: any
     Source: any
     Destination: any
     Destination port range: any

     That will allow outbound connections to only 1 IP on UDP X and block everything else. x = port
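
A check for the two floating rules in result 5, as an added example that is not part of the original post: it reads rules in the `pfctl -sr` text style and confirms that, among outbound `quick` rules on WAN, the only pass ahead of the reject-all is the UDP rule to the VPN server. The interface name `em0`, the address 203.0.113.10, port 1912 and the sample rule lines are constructed, and the check looks only at rules written as `out quick on <WAN>`; real output carries extra tokens such as labels.

```shell
#!/bin/sh
# audit_killswitch WAN_IF VPN_IP VPN_PORT      (ruleset text on stdin)
# Prints one verdict and returns 0 only for "ok":
#   ok           VPN pass rule, then reject-all, nothing else passes first
#   leak         another "pass out quick" rule on WAN precedes the reject
#   no-reject    no "block ... out quick on WAN ... all" rule at all
#   no-vpn-pass  VPN pass rule absent, or placed after the reject
audit_killswitch() {
    awk -v wan="$1" -v ip="$2" -v port="$3" '
    {
        line = $0 " "
        # pf stops at the first matching "quick" rule, so the outbound quick
        # rules on WAN, in order, decide what is allowed to leave.
        if (index(line, " out quick on " wan " ") == 0) next
        if (seen_reject) next        # later rules are shadowed by the reject
        vpn = ($1 == "pass" && index(line, " proto udp ") &&
               index(line, " to " ip " port = " port " "))
        reject_all = ($1 == "block" && index(line, " all "))
        if (reject_all)        seen_reject = 1
        else if (vpn)          seen_vpn = 1
        else if ($1 == "pass") leak = 1
    }
    END {
        if (leak)              r = "leak"
        else if (!seen_reject) r = "no-reject"
        else if (!seen_vpn)    r = "no-vpn-pass"
        else                   r = "ok"
        print r
        exit (r != "ok")
    }'
}

# Constructed sample: the two rules from the post, in the intended order.
audit_killswitch em0 203.0.113.10 1912 <<'EOF' || true
pass out quick on em0 inet proto udp from any to 203.0.113.10 port = 1912 keep state
block return out quick on em0 inet all
EOF

# Constructed sample: the same rules in the wrong order, which would reject
# the tunnel traffic itself.
audit_killswitch em0 203.0.113.10 1912 <<'EOF' || true
block return out quick on em0 inet all
pass out quick on em0 inet proto udp from any to 203.0.113.10 port = 1912 keep state
EOF
```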