Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    @qupfer What did I bang my head over this strange 502 issue. Your solution did it! Thank you so much, even 2.5 years later!
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    Hi, I had a problem with my home network today, so I checked pfsense and discovered that suricata had blocked the wan ip. After some tests and triggering some suricata alerts, the wan ip was blocked. I restarted pfsense and ran some more tests, but the problem no longer occurred. I then checked the wan interface settings and indeed the ip list does not include the wan ip, both now that it's working and before, when it was blocked. I'm using pfsense 2.8.0 and suricata 7.0.8_2. I use PPPoE to access the Internet.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypage
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    keyser
    Hi All. A few years back there was no real good way of getting pfBlockerNG log files to a remote SIEM as pfBlocker had no built-in syslog support. The way pfBlockerNG rotated log files caused the entire log content to be resent/duplicated when the CRON update job ran if you used the syslog-ng package to monitor the log files. A Ticket has been open on this for years: https://redmine.pfsense.org/issues/14878 I can still not find any builtin syslog support, and the log file lines are also still in their own format as opposed to standard Syslog format. Has anyone come up with a good solution to getting pfBlockerNG log files shipped to a SIEM without various workarounds, reformatting and extra packages needed?
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypage
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command:

        [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764
        VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE
        VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE
        VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE
        [25.07-RC][root@fw]/root:

    Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    496 Topics
    3k Posts
    Gertjan
    @jimp Done. I was on acme.sh 1.0 (25.07.1) and a downgrade was proposed. Now, the issue is gone.
  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1
  • Discussions about the Tailscale package

    90 Topics
    603 Posts
    @totalimpact in my case I did not reboot the router, after I copied the new key tailscale went online.
  • Discussions about WireGuard

    696 Topics
    4k Posts
    Hi Team, I’m running pfSense Plus 25.07.1 with TorGuard WireGuard VPN as my primary tunnel for LAN traffic (for best possible speeds). The tunnel is mostly working now, but I had to go through several fixes and I’m still not confident the configuration is stable. Here’s what I’ve run into: TorGuard support originally helped set up the WireGuard client. It worked fine for about a day, but then the Unbound DNS Resolver stopped working. Even when I re-enabled Unbound manually, LAN clients still couldn’t reach the internet. The main issue seemed to be when switching between WAN (ISP public IP) and the VPN IP. Sometimes traffic didn’t switch over properly, and at one point pfSense even generated a crash report during the switch and restarted. To fix it, I reset the LAN firewall rule so that LAN traffic would route through the VPN gateway when active, and fall back to WAN when the VPN was down. After that, I was able to toggle the VPN on/off without pfSense crashing, and traffic correctly switched between ISP IP and VPN IP. At this point it works, but I don’t think the setup is completely stable. I’d like to ask for guidance on: How to make sure Unbound stays reliable when the VPN gateway goes up/down. Best practices for LAN firewall rules so clients use the VPN when it’s up, and either fall back to WAN or get blocked (kill switch) when the VPN is down. Correctly assigning DNS servers to WAN and VPN gateways. At the moment, in System → General Setup, I don’t see the gateway dropdown next to DNS entries, so my DNS servers are just “floating” with no interface binding. If anyone has suggestions, or can point me to a clean reference configuration for WireGuard + Unbound + proper DNS gateway assignment, I’d greatly appreciate it. I'd really like to have a conference with someone and go over this. I'd like to give them access using RustDesk or TeamViewer so we can talk and they can show me things. I am legally blind so I am one inch from the screen. 
I've also uploaded the crashdump so you can look over it. I've also been using AI, but I keep going in circles with it, so it's not perfect. Thanks in advance! Warm Regards, James textdump.tar.0
  • Freeradius user permission

    2
    0 Votes
    2 Posts
    864 Views
    Hi I'm having the same problem. In addition I can say that the authorized user is able to delete the freeradius users
  • Freeradius Bug

    1
    0 Votes
    1 Posts
    620 Views
    No one has replied
  • Modsecurity 2.9

    1
    0 Votes
    1 Posts
    757 Views
    No one has replied
  • MOVED: Postfix

    Locked
    1
    0 Votes
    1 Posts
    639 Views
    No one has replied
  • FreeRadius: PEAP Auth only works if…

    1
    0 Votes
    1 Posts
    647 Views
    No one has replied
  • PfSense with pfiprep, some firewall rules, and Snort

    3
    0 Votes
    3 Posts
    2k Views
    BBcan177
    The script pfIPRep is now replaced by the package pfBlockerNG. https://forum.pfsense.org/index.php?topic=86212.0 https://forum.pfsense.org/index.php?topic=102470.0
  • Translate Cisco ACLs to SquidGuard ACLs?

    2
    0 Votes
    2 Posts
    740 Views
    Squidguard is a web proxy so are you trying to copy web filtering over?
  • Install openLDAP server on pfsense

    4
    0 Votes
    4 Posts
    8k Views
    I have installed openLDAP in a separate box, right now I have the pfsense box with all the configs in place including squid and squid guard and another box with openLDAP. Squid is configured as a transparent proxy because some of the employees use applications that don't support proxy configs and terminal applications as well. In the squid config page I have noticed that you can't use transparent proxy with authentication. Can you please tell me another way around it? The purpose here is to filter the internet traffic depending on user / group. Thank you
  • Manually configuring NUT

    2
    0 Votes
    2 Posts
    11k Views
    I am using TS SHARA 1200 UPS, I have found a linux driver and copied to "/usr/pbi/nut-i386/bin/tsshara_usb" and created a link "/usr/pbi/bin/libexec/nut/tsshara_usb -> /usr/pbi/nut-i386/bin/tsshara_usb". I have added in the end of the file driver.list "TS Shara"      "ups"  "3"    "UPS 1200VA"    ""      "tsshara_usb". But I can not see the TS Shara option in the NUT settings. What am I doing wrong? :-\
  • PFsense 2.2.6 release + freeradius cannot start after firewall reboot

    2
    0 Votes
    2 Posts
    795 Views
    It happens to me too; I checked but couldn't find an automatic start option.
  • Help please… update Squid service not start

    4
    0 Votes
    4 Posts
    1k Views
    Keep an eye on it, as it may fill your drive like mine did. If I get a real solution figured out I'll try to let you know.
  • Help in Ipguard setting

    4
    0 Votes
    4 Posts
    2k Views
    Hello Mr Mowgli, You are suggesting I should bind the mac-id with ip address for super user using dhcp server configuration. But when you bind mac id to a specific ip it is only set as preferred ip. That means any one can set their machine with ip from range 192.168.7.250 .192.168.7.254 and get unrestricted internet access. Whereas with ipguard once the macid is linked with an ip normal user cannot set their ip in that range. I guess I have made my point clear. Thank you Ashima
  • Asterisk voicemail email feature?

    2
    0 Votes
    2 Posts
    1k Views
    I've actually managed to get this to work with the postfix module. Setup your asterisk voicemail the way you want then install postfix and go to the postfix services configuration tab. Under there make sure postfix is listening on the same interface asterisk is and also on loopback. After that you need to either configure postfix as a full MTA or go under the domains tab, put in the domain name of all the email addresses you want to forward to and use an IP of a relay SMTP server that the pfsense box can use (I run a separate exim server on my network). After that you have to install mailx via pkg add on command line. Now once we've got all that setup, you need to configure some symbolic links in pfsense so Asterisk can get to them in their usual places (Because pfsense isn't your typical linux install).

        ln -s /usr/local/bin/mailx /usr/local/bin/mail
        ln -s /usr/local/sbin/sendmail /usr/sbin/sendmail

    If you've got all that setup properly the voicemail to email feature should snap into working. It did for me! :)
  • Unable to disable/delete pfB_Asia_v4 auto rule

    6
    0 Votes
    6 Posts
    2k Views
    RonpfS
    The configuration should be at Firewall / pfBlockerNG / Country / Asia
  • Snort and Syslog

    1
    0 Votes
    1 Posts
    701 Views
    No one has replied
  • Syslog-ng TLS configuration help (2.1.5)

    6
    0 Votes
    6 Posts
    6k Views
    Really surprised this is not a supported feature in the gui!
  • Installation Fails: OpenVPN Client Export Package

    5
    0 Votes
    5 Posts
    4k Views
    Johnpoz, thank you so much for your help. I solved my problem. A little backstory in mitigation: I have been futzing with converting a VMware VM to Hyper-V and I have created this VM about a dozen times over about 6 weeks of part-time effort punctuated by hospital stays. The problem was that the instance I was working on was a LiveCD image, not a disk image. Works a whole lot better if you use a write-enabled storage medium.
  • Has anyone heard of this?

    6
    0 Votes
    6 Posts
    2k Views
    KOM
    No problemo. If I remember right, the entire point of Let's Encrypt was to have an automated system that would renew your cert regularly without user intervention. They supply software that does all of this for you. There was talk about a FreeBSD port, but I don't know the current status. And then after that, someone would have to create a pfSense package to integrate it into the system. For now, it's just easier to use the pfSense self-signed cert if required, and get your own real certs for your web server and mail server behind pfSense. They're pretty cheap. If I can afford one, anyone can.
  • Freeradius2 - Windows 10 Update 1511

    7
    0 Votes
    7 Posts
    4k Views
    jimp
    @David_W: In the fullness of time, pfSense 2.3 will be released and there will almost certainly be a FreeRADIUS package for it that does not have this issue. For now, with the push to get pfSense 2.3 released, issues with unofficial packages for pfSense 2.2.x may well be a lower priority for the developers. The FreeRADIUS package on pfSense 2.3-BETA is 2.2.9 and is working well. If someone needs to use FreeRADIUS 2.2.9, they can upgrade to pfSense 2.3 or spin up an additional pfSense instance using 2.3 to use as a RADIUS server if they're more comfortable using it in that capacity.
  • Pfsense 2.2.6 captiveportal+squid3+check_ip.php problem solving

    1
    0 Votes
    1 Posts
    695 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.