Primary endpoint
Use https://mirror.kargadan.ir/repository/pfsense-proxy/ as the canonical baseurl in your client configuration.
Primary archive only
A single proxy serves the entire distribution — no companion archives needed.
No sign-in required
Public read access over HTTPS. Plain HTTP is available for legacy clients that cannot validate the certificate.
Repository URL
Drop one of the URLs below into your client configuration. HTTPS is the right choice in almost every case.
HTTPS · recommended
https://mirror.kargadan.ir/repository/pfsense-proxy/
HTTP · legacy clients only
http://mirror.kargadan.ir/repository/pfsense-proxy/
Quick verification
Run this from any machine that can reach the mirror. It should complete in under a second once metadata is cached.
# Quick smoke test (ISO listing only — see limitations below)
curl -fsSL https://mirror.kargadan.ir/repository/pfsense-proxy/ -o /dev/null -w 'HTTP %{http_code}\n'Default client configuration
Drop this file at — on the target host for the recommended default release (—). See configuration by release for every supported suite.
# pfSense — partial cache only
pfSense ships its package repository **with TLS client-certificate
authentication**. The Netgate FreeBSD `pkg` archives at
`https://pkg.pfsense.org/` therefore *cannot* be proxied transparently —
Nexus does not have the cert and `pkg` will reject any other server's
certificate.
What `pfsense-proxy` *does* cache:
* ISO and netboot images at `https://atxfiles.netgate.com/`.
* Public utility scripts and changelogs.
Recommended use:
```
# /tmp/install.sh on a fresh appliance — fetch ISOs only:
fetch -o /tmp/pfsense.iso \
https://mirror.kargadan.ir/repository/pfsense-proxy/mirror/downloads/pfSense-CE-2.7.2-RELEASE-amd64.iso.gz
```
For full package caching you must run the official
[pfSense Repository Builder](https://docs.netgate.com/pfsense/en/latest/development/build-package.html)
and host the result behind nginx. Nexus 3 can then proxy that nginx server
as another raw proxy.Configuration by release
Each block below is a complete, copy-ready configuration for one suite or release. Install path: —. The same patterns are committed under /opt/client-configs/pfsense/README.md on the mirror host (default release only).
pfSense CE ISO / firmware (public archive only) default
Package feeds (pkg.pfsense.org) require client certificates and are not mirrored.
Quick verification
curl -fsSL https://mirror.kargadan.ir/repository/pfsense-proxy/ -o /dev/null -w 'HTTP %{http_code}\n'Client configuration
# Manual ISO download (example)
fetch -o /tmp/pfsense.iso.gz \
https://mirror.kargadan.ir/repository/pfsense-proxy/mirror/downloads/pfSense-CE-2.7.2-RELEASE-amd64.iso.gzCI / container example
A minimal snippet you can paste into a Dockerfile or pipeline step.
# On a pfSense box (manual ISO download only)
fetch -o /tmp/pfsense.iso \
https://mirror.kargadan.ir/repository/pfsense-proxy/mirror/downloads/pfSense-CE-2.7.2-RELEASE-amd64.iso.gzMirror information
| Distribution | pfSense |
| Package manager | pkg |
| Mirror format (Nexus) | raw |
| Default suite / branch | — |
| Authentication | Not required (anonymous read) |
| Protocols | HTTPS · HTTP |
Notes & limitations
pfSense's pkg.pfsense.org requires TLS client-certificate authentication that Nexus cannot present, so package downloads cannot be transparently cached. pfsense-proxy only mirrors the public ISO/firmware archive at atxfiles.netgate.com. For full package caching you must run the official Repository Builder and proxy that build's HTTP server.