TorGuard

Search the Community

Showing results for tags 'pfsense'.




Found 4 results

  1. Hello Community - First of all I hope that all is well with all. These are troubling times that we currently are in. May Peace and Love Prevail.

     As Always The Intro - Lyrics by Jimi here - https://genius.com/Jimi-hendrix-power-of-love-lyrics and video : Power of Love - https://www.youtube.com/watch?v=-k-9Hb7RdgY

     Bonus - We Gotta Live Together (Live At Filmore East, 1970 / 50th Anniversary) - Lyrics - https://genius.com/Jimi-hendrix-we-gotta-live-together-live-at-filmore-east-1970-50th-anniversary-lyrics and video - https://www.youtube.com/watch?v=OOIuSsA72nM

     Now - let's get down to business. I recently bought a new mini-pc (Qotom-Q375G4 Intel Core I7-5500U) and I installed pfSense on it alongside OPNsense. This little beast has 1 x Minipcie port (for mSATA SSD) and regular 1 x SATA Port on which I installed a Samsung SSD 860 EVO 250GB 2.5 Inch SATA III Internal SSD.

     So, OPNsense offers plugins and it is very easy to add the modules. Netdata is one of these plugins and I love it. Unfortunately, pfSense does not offer this as a native package. So, I set out to be able to install Netdata on pfSense. I looked around and found that this was not that difficult to achieve. So, I am putting this together for those who may wish to monitor their pfSense router with Netdata. Netdata boasts - Monitor everything in real time for free with Netdata. See here : https://github.com/netdata/netdata

     OK - here is what you need to do in order to get Netdata up and running on pfSense. I followed this guide here : https://learn.netdata.cloud/docs/agent/packaging/installer/methods/pfsense - Honestly this is a great guide - one of the best I have read.

     First - you need to install these four packages from the pfSense package repo with the following command below via SSH -

     1 - # pkg install -y pkgconf bash e2fsprogs-libuuid libuv nano

     Next (just follow the aforementioned guide) - however you must always check the FreeBSD repo to see that you have the latest packages listed below; otherwise you will get an error message that "the package was not found". Also, I have found as of late that if you try to access the main FreeBSD repo by entering the "https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/" url - you will get the "403 Forbidden - nginx error". This precludes you from viewing the current FreeBSD package list. I searched around and found a FreeBSD package repo that seems to be up and stable - it is "http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/" located in South Africa. Virtually all of the FreeBSD package repos are inaccessible as well. Oddly enough, you are still able to download the FreeBSD packages from the main repo - it is just that you can not see the repo packages (to check package latest versions by entering the url).

     With that being said - let's proceed. So here we begin the process of installing the necessary packages from the FreeBSD repo. Some of these packages have been updated since the time that the referenced tutorial ( https://learn.netdata.cloud/docs/agent/packaging/installer/methods/pfsense ) was written / Last updated on 5/19/2020. Also - remember to install the packages for your architecture. pfsense 2.4.5_1 is based on FreeBSD 11.3-STABLE - so you would go to : http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/ for your packages. If you are like me and you run pfsense 2.5.0 (Development Snapshots which are based on FreeBSD 12.0) you will need packages from : http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/ - With that all out of the way - no more delays.

     Install these packages from the FreeBSD repo (for pfSense 2.5.0) in the exact order as listed via SSH as shown below :

     2 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/Judy-1.0.5_2.txz
     3 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-certifi-2020.6.20.txz
     4 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-asn1crypto-1.3.0.txz
     5 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-pycparser-2.20.txz
     6 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-cffi-1.14.0_1.txz
     7 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-six-1.14.0.txz
     8 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-cryptography-2.6.1.txz
     9 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-idna-2.8.txz
     10 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-openssl-19.0.0.txz
     11 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-pysocks-1.7.1.txz
     12 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-urllib3-1.25.7,1.txz
     13 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/py37-yaml-5.3.1.txz
     14 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/netdata-1.23.1.txz

     Install these packages from the FreeBSD repo (for pfsense 2.4.5_1) in the exact order as listed via SSH as shown below :

     2 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/Judy-1.0.5_2.txz
     3 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-certifi-2020.6.20.txz
     4 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-asn1crypto-1.3.0.txz
     5 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-pycparser-2.20.txz
     6 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-cffi-1.14.0_1.txz
     7 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-six-1.14.0.txz
     8 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-cryptography-2.6.1.txz
     9 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-idna-2.8.txz
     10 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-openssl-19.0.0.txz
     11 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-pysocks-1.7.1.txz
     12 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-urllib3-1.25.7,1.txz
     13 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/py37-yaml-5.3.1.txz
     14 - # pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/netdata-1.23.1.txz

     After installing all these packages above Netdata is installed on your pfSense Box. We must now configure Netdata. As the guide says you must edit the following file "/usr/local/etc/netdata/netdata.conf". You may accomplish this through the WEBGUI or by using Nano. For WEBGUI - from top line Menu go to Diagnostics > from drop down menu go to > Edit File. Paste "/usr/local/etc/netdata/netdata.conf" in "Path to file to be edited" Box - then click on "Load". The file will appear and you can edit it easily from here.

     Third line from the bottom - you must change (designate) the "bind to =" address from default "127.0.0.1" to something else. The guide suggests the address of "0.0.0.0" - I change the address to that of my LAN IP Address. For example if your LAN IP is 192.168.7.23 - enter that address as follows : "bind to = 192.168.7.23" then click on Save. I do this to restrict access to Netdata on my pfSense instance.

     Now we need to set up Netdata to start on boot up. The author notes that "To start Netdata manually, run service netdata onestart." - this is only good for one time start. You now can enter Netdata by going to http://192.168.7.23:19999 after manual start in this example. The guide suggests using Shellcmd utility in order to start Netdata at boot. I disagree and will show you how to start Netdata at boot the standard pfSense way. See below -

     Start Netdata At Boot:

     1 - In pfSense, the Netdata configuration files are located under /usr/local/etc/netdata. See the very bottom of the page for this information. So in order to start Netdata at boot do the following :

     A - Issue following command via SSH -

         # mv /usr/local/etc/rc.d/netdata /usr/local/etc/rc.d/netdata.sh

     B - Make the new file executable - I run two commands - works for me

         # chmod 744 /usr/local/etc/rc.d/netdata.sh
         and
         # chmod a+x /usr/local/etc/rc.d/netdata.sh

     C - Edit new file go to line 37 : ${netdata_enable="NO"} and change

         from : ${netdata_enable="NO"}
         to : ${netdata_enable="YES"}

     You may edit file "/usr/local/etc/rc.d/netdata.sh" as before either through WEBGUI or Nano. Reboot your pfSense router and you will see that Netdata starts on boot.

     Enjoy and Peace Always Unto You and The Entire World.
  2. Dear TorGuard Pfsense WireGuard Users,

     Hello and I hope all are safe and well. Ascrod has been kind enough to make available a package for WireGuard on pfsense. I have tested the package and would like to recommend this to all of those who might be interested. The package thread and discussion are found here : https://forum.netgate.com/topic/150943/i-made-a-wireguard-package-for-pfsense and here on Github : https://github.com/Ascrod/pfSense-pkg-wireguard

     Here are Ascrod assets in releases on github : https://github.com/Ascrod/pfSense-pkg-wireguard/releases

     There is a webgui for WireGuard and it works well. The package works very well on pfsense 2.4.5 - however; I tried to build a package for pfsense 2.5.0 to no avail. Read that I could not get it to work as well as the 2.4.5 version performed. I was finally able to build my own pfsense 2.5.0 package successfully - and it worked as intended. Read the update for pfsense 2.5.0 pfSense-pkg-wireguard below.

     There also is a fork of this pfsense package developed by Ashus / pfSense-pkg-wireguard found here : https://github.com/Ashus/pfSense-pkg-wireguard

     Lucasnz see here for homepage : https://github.com/lucasnz/pfSense-pkg-wireguard

     lucasnz/pfSense-pkg-wireguard forked from Ascrod/pfSense-pkg-wireguard

     For those interested - I have one link to a tutorial and another which points you to an already compiled Lucasnz package for pfsense 2.5.0 - which is based on FreeBSD 12. The tutorial illustrates and instructs you how to build your own Lucasnz pfSense-pkg-wireguard-1.0.1.txz package. The reason that I chose Lucasnz is because "that it just works". Lucasnz WireGuard for pfsense survives reboots, upgrades - and has no issues with DNS or any such other related problems. The links are here below for all those interested :

     https://drive.google.com/file/d/1b8coPZvqmhisHpoFBfOBV9BYaH917yaC/view?usp=sharing / tutorial link
     https://drive.google.com/file/d/1SaggDk6-1BOwcSa4-498jQfGZICqqvsb/view?usp=sharing / package download

     These really work well IMHO - so I hope this helps and a word to the wise should be sufficient. I am going to try to get Ashus / pfSense-pkg-wireguard to work on pfsense 2.5.0 and I will report my findings.

     UPDATE BELOW :

     Well, I got in touch with Ashus - and he was kind enough to build and compile a "proper and official" pfSense-pkg-wireguard-1.0.1-freebsd12-amd64.txz (this is the package needed for pfsense 2.5.0). Here are Ashus assets in releases on github : https://github.com/Ashus/pfSense-pkg-wireguard/releases

     By using Ashus packages you can either install pfSense-pkg-wireguard-1.0.1-freebsd11-amd64.txz (for pfsense 2.4.5 / based on FreeBSD 11) or use his new pfSense-pkg-wireguard-1.0.1-freebsd12-amd64.txz (for pfsense 2.5.0 -devel - based on FreeBSD 12). Always check https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/ or https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/ for the latest packages in the FreeBSD Repo depending on your architecture - especially as bash, wireguard-go, and wireguard packages are updated periodically. The complete needed software installation is outlined like this here - see below :

     Use Putty or Kitty to enter an SSH session on your pfsense router in order to proceed :

     The procedure detailed below is for pfsense 2.5.0 / FreeBSD 12 :

     1. pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/bash-5.0.17.txz
     2. (opt.) pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/bash-completion-2.10,2.txz
     3. pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/wireguard-go-0.0.20200320.txz
     4. pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/wireguard-1.0.20200513.txz
     5. pkg add https://github.com/Ashus/pfSense-pkg-wireguard/releases/download/v1.0.1b/pfSense-pkg-wireguard-1.0.1-freebsd12-amd64.txz

     This procedure detailed below is for pfsense 2.4.5 / FreeBSD 11 :

     1. pkg add http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/bash-5.0.17.txz
     2. (opt.) pkg add http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/bash-completion-2.10,2.txz
     3. pkg add http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/wireguard-go-0.0.20200320.txz
     4. pkg add http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/wireguard-1.0.20200513.txz
     5. pkg add https://github.com/Ashus/pfSense-pkg-wireguard/releases/download/v1.0.1b/pfSense-pkg-wireguard-1.0.1-freebsd11-amd64.txz

     You can also try Ascrod's Wireguard package but this is described in detail in the first link above. Ashus has more features - you can read the documentation for each and make your decision.

     These are Ashus' Wireguard setup directions below :

     Configuration

     Configure an interface and any number of peers. Then go to the Assign Interfaces screen and create a new interface for tunwg0. Name it, enable it, and don't touch any other settings. Once the interface is up, you can create firewall rules for it, forward ports to it, and generally treat it the same as a physical interface. It should also persist across reboots.

     If there is a need for more interfaces, add the tunwg1.conf or more files with incremental interface number to /usr/local/etc/wireguard/. Unfortunately those cannot be currently edited via GUI, and every time you add more, you need to reinstall this package or wireguard service. Each time the service is reinstalled, all tunnels are detected from files again, so they could persist across reboots and could be reloaded from GUI all at once.

     For help with configuring WireGuard, please read the official documentation. The unofficial documentation and examples may also be helpful.

     1 - You must fill in your TorGuard WireGuard information in the WireGuard webgui - under VPN > WireGuard > Interface and VPN > WireGuard > Peers - and Save Both entries. See this tutorial here for directions as to how to generate your TorGuard Wireguard Configuration Files : https://forums.torguard.net/index.php?/topic/1698-pfsense-wireguard-client-working-with-catch-22/ Read Step 2 on that page for detailed explanation

     2 - Create WireGuard Interface with this command :

         # wg-quick up tunwg0

     Then go to Interfaces > Assign Interfaces. Add tunwg0 (opt 1, 2 etc depending on your setup). Name it, enable it, and don't touch any other settings.

     3 - Then setup firewall rules for tunwg0 - there are many firewall setup options to be found here : https://forum.netgate.com/topic/150943/i-made-a-wireguard-package-for-pfsense Just read through the thread. If you want a simple firewall rule setup see below :

     4 - Now head to pfSense WEBGUI in order to configure Wireguard Interface (created earlier) and FireWall Rule. First, go to Interfaces > Assignments - you will see tunwg0 interface - click (+) add button / symbol. Once the tunwg0 interface is listed as (OPT 1 - 2 depending on your setup) - Click underneath it - enter check in "Enable interface" - and enter description - I call mine "WIRE" - DO NOTHING ELSE HERE ! Save and Apply - Done with this phase.

     5 - Next - Firewall Rule - go to Firewall > NAT > Outbound. Once on this Landing Page put a Dot in radio button Hybrid outbound NAT rule generation - Click on Save - Do Not - Repeat Do Not Click Save and Apply At This Time - Instead Click on Add Square with Up Arrow (underneath Mappings). On the page which opens change Interface from WAN in drop down menu to your WireGuard (tunwg0) Interface which you created and labeled previously - in this example "WIRE". Next - Change Source Address to "LAN NET". You must manually enter your LAN NET. For example if your LAN Address is 192.168.11.10 - then enter 192.168.11.0/24. Finally, set (leave) Translation/target to Interface address. Enter "Description" - e.g. "Made For Wire" now Click "Save" at bottom of page. You will be taken back to Firewall:Nat:Outbound Landing Page - Click on "Apply Changes" in right upper hand corner - Done with Firewall Rule for LAN. Repeat this Firewall Rule Operation for all of your other LAN Interface Subnets if you choose to do so.

     Now that your TorGuard WireGuard Client is installed and ready - you may enter command

         # /usr/local/etc/rc.d/wireguard.sh restart

     in order to start it up. You may also reboot your pfsense Router.

     Hope this helps someone - See screenshots below for illustrative purposes - enjoy !!! Naturally substitute your own TorGuard WireGuard connection information

     Peace, directnupe
  3. Is it possible to get torguard working in PFSense with Stunnel? Or some other way to stop the constant Authenticate/Decrypt packet errors I get which reduces the connection to a crawl when I use UDP on a Virgin media connection? I’ve found using TCP stops the errors but the speed is then abysmal. If I use the torguard client with stunnel enabled however the speeds improve. The only problem is I need stunnel working on pfsense not the client. Any help appreciated.
  4. If you are lucky to have pfsense box, then use this hack to create foolproof kill switch:

     Firewall > Rules, Floating tab

     Action: Pass
     Disabled: unchecked
     Quick: checked
     Interface: WAN
     Direction: out
     TCP/IP Version: IPv4
     Protocol: UDP
     Source: any
     Destination: TorGuard's IP ADDRESS
     Destination port range: VPN X port of TorGuard's VPN server

     Then below that rule:

     Action: Reject
     Disabled: unchecked
     Quick: checked
     Interface: WAN
     Direction: out
     TCP/IP Version: IPv4
     Protocol: any
     Source: any
     Destination: any
     Destination port range: any

     That will allow outbound connections to only 1 IP on UDP X and block everything else. x = port
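
The two floating rules from result 4, modelled as an added example (not part of the original post, and a simplified first-match evaluator rather than pf itself), run over constructed outbound packets to show what each one is given as a verdict. The server address 198.51.100.10 and port 1194 are placeholder assumptions standing in for "TorGuard's IP ADDRESS" and port "X".

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

VPN_SERVER = "198.51.100.10"  # constructed placeholder (RFC 5737), not a real server
VPN_PORT = 1194               # assumed value for port "X"

@dataclass(frozen=True)
class Packet:
    dst: str
    proto: str                     # "udp", "tcp", ...
    dport: Optional[int] = None
    @property
    def family(self) -> str:
        return "inet6" if ipaddress.ip_address(self.dst).version == 6 else "inet"

@dataclass(frozen=True)
class Rule:
    action: str                    # "pass" or "reject"
    family: str                    # "inet" = IPv4, "inet6" = IPv6
    proto: str = "any"
    dst: str = "any"
    dport: Optional[int] = None    # None = any port

    def matches(self, p: Packet) -> bool:
        if p.family != self.family:
            return False
        if self.proto != "any" and p.proto != self.proto:
            return False
        if self.dst != "any" and ipaddress.ip_address(p.dst) != ipaddress.ip_address(self.dst):
            return False
        return self.dport is None or p.dport == self.dport

# The two floating rules from the post (WAN, direction out, Quick checked).
KILL_SWITCH = [
    Rule("pass", "inet", proto="udp", dst=VPN_SERVER, dport=VPN_PORT),
    Rule("reject", "inet"),
]

def evaluate(rules, packet: Packet) -> str:
    """Quick rules: first match wins; no match falls through to later rules."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "fall-through"

def audit(rules) -> dict:
    samples = {  # constructed outbound packets on WAN
        "vpn tunnel": Packet(VPN_SERVER, "udp", VPN_PORT),
        "dns": Packet("192.0.2.53", "udp", 53),
        "https": Packet("203.0.113.80", "tcp", 443),
        "vpn ip, other port": Packet(VPN_SERVER, "udp", 53),
        "ipv6 https": Packet("2001:db8::80", "tcp", 443),
    }
    return {name: evaluate(rules, pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit(KILL_SWITCH).items():
        print(f"{name:20} {verdict}")
```

The IPv6 packet matches neither rule because both are set to IPv4, so its fate is decided by whatever rules follow the floating tab; appending `Rule("reject", "inet6")` gives it a reject verdict here as well.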