1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    D
    Retested on 24.11-RELEASE (amd64) all seems to work. So it seems right to file a bug for this issue.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    S
    So since there is no version 25.03. There is an official 25.07 now but only get a 7.08.2 what happen to the rest up to Suricata 7.0.10 or 7.0.12?

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K
    @pulsartiger The database name is vnstat.db and its location is under /var/db/vnstat. With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    R
    I am seeing all these strange things resolve in pfblockerNG like devmachine-FKcElwG.local hometheater-wadq2.local Why am I seeing this? Does this mean my network is compromised?

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    J
    @div444 i'm finding the same - did you find a solution or did reverting fix it? Hoping there is a patch fix or something to get it working! Rather not rollback if i can avoid it

  • Discussions about the Tailscale package

    90 Topics
    583 Posts
    L
    Any ideas to why I get this error? Im running pfsense CE 2.8.0-RELEASE (amd64) pkg add https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.84.2_1.pkg pkg: An error occured while fetching package

  • Discussions about WireGuard

    692 Topics
    4k Posts
    F
    Hi again, to be honest: I guess, I did not remember exactly what I did 2 years ago. May I was mistaken by the interface name opt2 because the SG-3100 has a physical port OPT1 and I mixed up physical and virtual names. The goal was to use 2 different tunnels, one for the mobile clients and one for the site-2-site connection. And now all is running in that way . Regards
Log in to post
Load new posts
  • jimpJ

    System Patches Package v2.2.20_1 / v2.2.11_17

    Pinned
    12
    12 Votes
    12 Posts
    3k Views
    S
    There are new system patches available (2.2.21), maybe I miss the announcement here... https://github.com/pfsense/FreeBSD-ports/commit/8ffb307ed8845ebeeba2d00f258fd51256d0e756 Yes I do... https://forum.netgate.com/post/1214795
  • 1

    DNS Broken for pkg.pfsense.org

    Pinned Locked
    3
    0 Votes
    3 Posts
    13k Views
    jimpJ
    https://forum.netgate.com/topic/115789/pkg-pfsense-org-appears-to-be-dead/2
  • R

    Packages wishlist?

    Pinned
    661
    0 Votes
    661 Posts
    2m Views
    O
    PRTG
  • RyanMR

    HA Proxy and 503 error on pfSense

    2
    0 Votes
    2 Posts
    64 Views
    V
    @RyanM said in HA Proxy and 503 error on pfSense: So let's say my domain is internaldomain.com Does domain resolve to your public IP in a public DNS? If it doesn't, you won't get a Let's Encrypt cert at all. Is HA Proxy good for what I am trying to do? So I have self-signed certs for several internal hosts/services. Yes. You can install self-signed certs on your backend servers and direct all traffic over HAproxy, even from internal. However, you must not enable "SSL checks" in the backend. The better way, however, would be to generate the internal certs with a CA on pfSense. Then you can confiugre HAproxy to trust the CA and accept the server certs. When getting error 503 "service not available", the backend either does not respond to heath checks or the service is not reachable, or something else in HAproxy is configured wrong. So first of all go to the stats page and check if the backend is shown up as "online". If not check the health check configuration.
  • C

    Avahi trying to broadcast on public interface?

    6
    0 Votes
    6 Posts
    134 Views
    dennypageD
    @clearscreen said in Avahi trying to broadcast on public interface?: Then, I'm not sure what'd cause Avahi to publish on the public interface. It stems from Avahi's use of a single socket bound to all interfaces, which leaves a lot of room for problems. mDNS-Bridge uses individual sockets bound to each configured interface which precludes these kind of issues.
  • A

    Looking for few pointers getting Suricata on PFSense to talk to my Security Onion box.

    5
    0 Votes
    5 Posts
    130 Views
    bmeeksB
    @aaronouthier said in Looking for few pointers getting Suricata on PFSense to talk to my Security Onion box.: Ok, so I've been researching the topic. It seems SO has an integration for PFSense. However, the FreeBSD implementation of Syslog is not optimal for this purpose, as mentioned above. Although I am comfortable with CLI Linux, I am effectively a Newbie with regard to BSDs. My next question is: What would be the least invasive method as far as the PFSense Box to export just the Suricata logs? I believe I saw an option to log to a Unix Socket. Would that be helpful coupled with something like Netcat? I'm not necessarily looking for help with such a feat, just wondering if such would likely be fruitful, or am I just chasing the infamous wild goose? I recommend exporting the EVE JSON log as that will be the most comprehensive. To export to a UNIX socket, change the EVE OUTPUT TYPE setting to UNIX socket. You will need to manually create the socket and give it a name. It will be up to you then to "receive" the socket data stream and redirect it elsewhere (seems you want it remote for your case to Security Onion).
  • C

    Introduce openvpn-auth-oauth2 as pfSense package

    2
    0 Votes
    2 Posts
    117 Views
    A
    @cdal This could be a great security improvement ... It's the only way to do MFA with "LDAP/AD" backend for exemple (using oauth 2 proxy for exemple)
  • R

    How to update to the latest Telegraf version

    9
    0 Votes
    9 Posts
    1k Views
    R
    @rocket Updated July 20-2025 pfsense 24.11 - Telegraf freebsd-15
 pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/telegraf-1.35.1.pkg pfsense 2.7.2 - Telegraf freebsd-14
 pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/telegraf-1.35.1_1.pkg https://www.freshports.org/net-mgmt/telegraf/#history
  • L

    Updated PIMD package (beta)

    1
    0 Votes
    1 Posts
    90 Views
    No one has replied
  • M

    pfSense-pkg-WireGuard removal failed!

    1
    0 Votes
    1 Posts
    53 Views
    No one has replied
  • M

    HowTO - FreeRADIUS + Omada Controller + LAN ethernet + 802.1x computer authentication with cert

    1
    0 Votes
    1 Posts
    47 Views
    No one has replied
  • L

    New widget for the official speedtest.net cli version.

    6
    4 Votes
    6 Posts
    1k Views
    A
    @ameinild Yes, I just confirmed at home that it is still working. I had some icon error right after install, but this seems to be fixed now.
  • H

    crowdsec

    30
    0 Votes
    30 Posts
    2k Views
    dennypageD
    @Zermus said in crowdsec: It's a shame Elastic took their stuff in house and ELK stacks are no longer free. Tom Lawrence's (https://www.youtube.com/@LAWRENCESYSTEMS) videos convinced me that I should go over to Graylog Open on my personal stuff when that happened and I'm happy with it. I always viewed ELK as overly complicated. Graylog is much more manageable, although the console isn't as nice. Work in progress.
  • M

    Installing sudo or nano issues?

    pfsensece sudo
    13
    0 Votes
    13 Posts
    440 Views
    w0wW
    @MrWhatZitTooya666 said in Installing sudo or nano issues?: "pkg+https://pkg.pfsense.org/pfSense_v2_8_0_amd64-core", "pkg+https://pkg.pfsense.org/pfSense_v2_8_0_amd64-pfSense_v2_8_0", looks good. Try Forced pkg Reinstall https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html To forcefully reinstall all packages, take the following steps: Make a backup Clean the repository and forcefully reinstall pkg, repo data, and the upgrade script: pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade Force a reinstall of everything: pkg-static upgrade -f Review the list of changes and enter y to proceed Manually reboot the firewall
  • S

    Main pfsense package is removed

    1
    0 Votes
    1 Posts
    87 Views
    No one has replied
  • D

    Telegraf and Grafana Dashboards

    5
    4 Votes
    5 Posts
    2k Views
    Sergei_ShablovskyS
    Recently (May-Jun 2025) Grafana received a HUGE update (even possible to saying “reworked from scratch” because some fundamental changes made): from more closely integration with GitLab CVS and making the database abstraction layer to tabs, custom and dynamic dashboards and interactive elements. After some time of stagnation, “new Grafana” start to receive a real most asked and usable updates. Just look at this! With this new updates Your Grafana’s dashboard for pfSense receive a REALLY USEFUL FORM ! P.S. And personally I need to note that pfSense Dashboard lost their actuality because in Grafana You may receive more usable, dive-in-detailed, much more detailed and granulated, interactive view and (in some cases, more important than view) strongly secured user authentication scheme.
  • L

    Constant arpwatch bogon reports .... related to my own network !!??? (*strange andannoying!!*)

    31
    0 Votes
    31 Posts
    2k Views
    johnpozJ
    @dennypage nice! I think the running 3 instances and filtering vlans on 0 (untagged traffic) would eliminate any sort of bogon because the source IP range is different than the actual network being seen on.
  • G

    Telegraf on PFsense Error

    13
    0 Votes
    13 Posts
    657 Views
    P
    @gm2005fl that's great news, and very useful information for those of us (i.e me!) not realising there are different versions InfluxDB :)
  • R

    HA proxy with ssl

    4
    0 Votes
    4 Posts
    261 Views
    R
    @Gertjan said in HA proxy with ssl: not mail.contose.com. @Gertjan I have 2 isp and mail.contose points to those ip addresses and MX. I am using a linux mail server. I have a DV cert installed on each server. for my web server I have added the following: [image: 1750364542787-f12dc686-bf5e-4470-893e-fe8317269460-image.png] [image: 1750364586857-6940d697-2a2b-4945-b93b-535c91cf9676-image.png] and the default backend for that rule is httpswww-copy
  • N

    LCDproc Looses Connection - Restarting service Fixes but goes down again shortly after

    7
    0 Votes
    7 Posts
    1k Views
    fireodoF
    @jimp Hi, as far as I know the lcd driver (LCDd) is connected to the display via USB/Serial/Parallel but the lcdproc process is connected to the driver in this way: Bind=127.0.0.1 Port=13666 Extract from pfctl -ss: lo0 tcp 127.0.0.1:20639 -> 127.0.0.1:13666 ESTABLISHED:ESTABLISHED lo0 tcp 127.0.0.1:13666 <- 127.0.0.1:20639 ESTABLISHED:ESTABLISHED So there could be a possibility to loose connection when states get killed ... IMHO (If I'm wrong please correct) EDIT: I cleared all states and this made the lcdproc also to loose connection flooding the syslog. After restarting lcdproc all fine again. Regards, fireodo
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.