1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    D
    I recently start have trouble saving my HAProxy configuration due to a error. It keeps adding clientca_ in front of the SSL offload certificate name. On file level this file does not exist! I tested with both HA Proxy plugins, the regular and dev version. I tried to regenerate the SSL (Lets Encrypt) but this keeps happening. [ALERT] (45623) : config : Couldn't open the ca-file '/var/etc/haproxy_test/clientca_shared-frontend.pem' (No such file or directory). [ALERT] (45623) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:28] : 'bind 0.0.0.0:443' in section 'frontend' : 'ca-file' : unable to load /var/etc/haproxy_test/clientca_shared-frontend.pem Does anybody have the same behaviour? to be clear I have the 25.07-RC running. The relevant part of /var/etc/haproxy_test/haproxy.cfg frontend shared-frontend bind 0.0.0.0:443 name 0.0.0.0:443 ssl crt-list /var/etc/haproxy_test/shared-frontend.crt_list ca-file /var/etc/haproxy_test/**clientca_**shared-frontend.pem verify required crl-file /var/etc/haproxy_test/**clientcrl_**shared-frontend.pem

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC
    @rlrobs Yes it’s still working fine here.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K
    @pulsartiger The database name is vnstat.db and its location is under /var/db/vnstat. With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    M
    I resolved this by accepting the T+Cs via https://www.maxmind.com/en/accounts/1205389/geolite2/eula

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    J
    @div444 i'm finding the same - did you find a solution or did reverting fix it? Hoping there is a patch fix or something to get it working! Rather not rollback if i can avoid it

  • Discussions about the Tailscale package

    90 Topics
    578 Posts
    T
    Re: How to update to the latest Tailscale version? I am on latest released Netgate 6100 pfSense PLUS v24 ( pfSense_plus-v24_11_amd64-pfSense_plus_v24_11 ) pkg config abi FreeBSD:15:amd64 pkg -vv | grep -A 3 "pfSense:" pfSense: { url : "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_11_amd64-pfSense_plus_v24_11", enabled : yes, priority : 0, cat /usr/local/etc/pkg.conf ABI=FreeBSD:15:amd64 ALTABI=freebsd:15:x86:64 PKG_ENV { SSL_CA_CERT_FILE=/etc/ssl/netgate-ca.pem SSL_CLIENT_CERT_FILE=/usr/local/etc/pfSense/pkg/repos/pfSense-repo-0001-cert.pem SSL_CLIENT_KEY_FILE=/usr/local/etc/pfSense/pkg/repos/pfSense-repo-0001-key.pem } This firewall is obviously running on FreeBSD 15 no longer on 14. But can I use the freshports link for FreeBSD 14 amd64 quarterly which is at tailscale 1.86.2 or can I only go up to version tailscale 1.84.2_1, and need to wait until they have a version of tailscale 1.86.2 or higher for the FreeBSD 15? Would it be good enough to tell it to ignore the OSVERSION? export IGNORE_OSVERSION=yes Note: use of 14 and not 15 ? pkg add https://pkg.freebsd.org/FreeBSD:14:amd64/quarterly/All/tailscale-1.86.2.pkg service tailscaled restart tailscale up

  • Discussions about WireGuard

    690 Topics
    4k Posts
    J
    I've read through some other posts about this, but they either didn't say whether the proposed solution worked or they were very convoluted and difficult to understand. Here is our scenario: We have 6 locations--Las Cruces (LC), Sunland Park (SP), El Paso (EP), Abilene (ABI), Fort Worth (FW), and Plano (PL). LC and ABI have software that is accessed by the other 4 locations via VPN. There are WireGuard VPNs set up between LC and those 4 locations (SP, EP, FW, PL), and ABI and those 4 locations (SP, EP, FW, PL). There is also a WireGuard VPN connection between LC and ABI. LC and ABI have 2 internet connections. SP, EP, FW, and PL each have one internet connection. If the primary internet connection goes down at either LC or ABI and failover occurs to the secondary internet connection, is there a way to set up the WireGuard VPN connections so that they also failover without purchasing some 3rd party application? Thanks.
Log in to post
Load new posts
  • B

    Imspector on 1.2.1* - patch (works for me!)

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • I

    SPAMD in Blacklist Mode Broken?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    I
    I should say that unchecking the box STOPS all e-mail from being delivered unless its' on the whitelist. (I'm assuming because the rules aren't re-written it's trying to send it to spamd internally, which isn't on) Changing the rules just gets them re-written on reboot obviously so that's no dice either.. Chris
  • C

    Patch to include SMTP server name to SpamD package

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    I
    @iced98lx: Are you using the developer release? I'm on 1.2.1 rc3 and after installing patch the command gpatch is not found… Nix that- reboot and now i can use gpatch.
  • C

    SpamD: Add DNSWL's legitimate SMTP servers to whitelist

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    I
    Comrax: doing excellent work here!! I'm updating to RC3 just so i can use this and the other patch you released to SPAMD!! Are you running greylisting or just white/black?
  • I

    Changing SPAMD to Listen on an IP Address vs an Adapter

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • K

    Spamd whitelist/blacklist strange behavior

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • P

    BGP problems

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    D
    looks like you are binding bgpd on one subnet. here's a bgpd.conf that works with the latest pfsense version. (note that I set the announce on the group level, you can do this on the neighbor level also, also I like to define things even tho they are the default - just for my own sanity) AS 12345 holdtime 60 listen on 127.0.0.1  #try this to so solve your binding problem router-id 111.111.111.111 network 123.123.123.0/24 group "upstream" {         announce self         announce capabilities yes         set localpref 90         softreconfig in yes         softreconfig out yes         neighbor 63.169.230.189 {                 descr "Sprint Upstream"                 remote-as 1239                 depend on em1                 max-prefix 270000         }         neighbor 204.9.204.29 {                 descr "US Colo Upstream"                 multihop 3                 remote-as 32743                 depend on em2                 max-prefix 270000         } } group "any2_peers" {          announce self          announce capabilities yes          depend on em3          set localpref 110          softreconfig in yes          softreconfig out yes          neighbor 206.223.143.33 {                 descr "WV Fiber"                 remote-as 19151                 max-prefix 4000         }         neighbor 206.223.143.79 {                 descr "Peer 1 Networks"                 remote-as 13768                 max-prefix 2000 }         neighbor 206.223.143.63 {                 descr "Singapore Telecom"                 remote-as 7473                 max-prefix 20000         } } Sample filter section: Filter Section First deny everything from all deny from any deny to any Allow to/from our peers All groups  must be listed here to receive and send updates allow from group upstream allow to group upstream allow from group any2_peers allow to group any2_peers Filter out Default Route, RFC1918 and other IANA reserved IP blocks deny from any prefix 0.0.0.0/0 deny from any prefix 10.0.0.0/8 prefixlen >= 8 deny from any prefix 172.16.0.0/12 prefixlen >= 12 deny from any prefix 192.168.0.0/16 prefixlen >= 16 deny from any prefix 169.254.0.0/16 prefixlen >= 16 deny from any prefix 192.0.2.0/24 prefixlen >= 24 deny from any prefix 224.0.0.0/4 prefixlen >= 4 deny from any prefix 240.0.0.0/4 prefixlen >= 4 +++++++++++++++++++++++++++++++++ hope this helps
  • J

    Multiple subnets with Bandwidthd

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    C
    Same phenomena here… Anyone can shed more light on this? and how to correct the situation? I am running pfSense 1.2.1-RC2.
  • D

    SNORT BLOCKING EVERYTHING

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • F

    NUT and UPS via USB

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    G
    I was also having problems with the nut package in 1.2.1 RC2 and a APC ES-350 using a usb cable. I was able to resolve the issue by running a search and replace on "nut.xml"  and replacing all instances of "newhidups" with "usbhid-ups" Hope that helps GP P.S as always it would be a good idea to make a backup of "nut.xml" before you start!
  • B

    VmWare Package - 1.2 Release but can't see it?!

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    B
    @GruensFroeschli: This is the post for you :) http://blog.pfsense.org/?p=293 I assume from that it's only available as a package in 1.2.1? :-) I tried to go to the doc page mentioned in my first post and create an account in order to edit the doc to make it clear that this is only available for 1.2.1 and upwards. However the only option is to log in, not to create an account! Could some kind soul please edit this page to make it clear which version(s) it applies to?
  • G

    Trouble shooting 1.2.1 RC2 Snort Pkg Rule update

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    G
    I have searched the forums several times, thank you. I am using the "ac-bnfa"  mode that was the solution in one post ( I have also tried "lowmem" that has worked other types of installation). It's weird in that my first install it worked fine.  I had to reinstall on new hardware and it stopped working. I have reinstalled half a dozen times with no luck. In another post a delay to allow for the interfaces to come up was sugguested.  I have tried turning automatic updates off to provide that delay with no luck. Can anyone at least provide a manual method of updating as a work around? Well after two days it ran successfully! I have no clue why.  Please ignore post
  • G

    GEO Filtering

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M
    Interesting idea - you might start a bounty and see if anyone else latches onto this.
  • F

    Problem in squid while on failover

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    I
    I believe that Squid does not support a multi-wan environment (load balance/failover). I will check on this and get back to you…
  • C

    Question about BandwidthD

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • F

    LightSquid and 500 - Internal Server Error

    Locked
    21
    0 Votes
    21 Posts
    14k Views
    D
    @ipnet: Hello all, I get the 500 Internal Server Error when I try to get the graphics from Lightsquid. I followed this thread and made it up to the point where the conclisions are that the libperl.so file has to be replaced. Well, the link http://diskatel.narod.ru/libperl.so (mentiones early in this thread) seems not to exist any more. Anybody knows where can I get this file from ???? Best regards Pls restore you lib back and look lastest recomendations http://forum.pfsense.org/index.php/topic,11594.15.html –- Possible close this topic - here not actual information?
  • Z

    Snort2c source code

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    Z
    snort2c it's not part of snort official package. The main site of the project is at http://snort2c.sourceforge.net but I think that the version included in pfsense is a modified one (according to the cvs logs).
  • R

    Restoring with packages

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    D
    @running: Since i have reset config and reinstalled packaged do i still have access to that log? If not i will tire to re create the problem this week and let you know Thank you! LS need squid log's SG must have installed blacklist
  • P

    Why does the Transp. Proxy asks for password?

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    H
    hadi57 i had this problem of the username and password appear whenever somone opens web page, if i use the upstream proxy.
  • B

    Samba on Pfsense

    Locked
    2
    0 Votes
    2 Posts
    5k Views
    GruensFroeschliG
    http://forum.pfsense.org/index.php/topic,10201.0.html
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.