1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    F
    Hello, I use Squid as an explicit proxy, but I can't bypass the private destination IP addresses. Do you have any ideas?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    M
    Hi, I had a problem with my home network today, so I checked pfsense and discovered that suricata had blocked the wan ip. After some tests and triggering some suricata alerts, the wan ip was blocked. I restarted pfsense and ran some more tests, but the problem no longer occurred. I then checked the wan interface settings and indeed the ip list does not include the wan ip, both now that it's working and before, when it was blocked. I'm using pfsense 2.8.0 and suricata 7.0.8_2. I use PPPoE to access the Internet.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    572 Topics
    3k Posts
    keyserK
    @Antibiotic No it’s not possible with NtopNG as it is not a Netflow collector. You need nProbe for that which will “translate” recieved netflows into flows that NtopNG understands and can visualize (with very very little detail might I add as Netflows has no additonal information apart from sender/reciever and volume). The NtopNG package and the product in general is more geared towards visualising and recording traffic details from actual packet captures. This contains MUCH more metadata about the sessions than netflows (DNS names, protocol information and myriads of other things). But pffSense Plus has a builtin Netflow exporter if you have an external netflow collector on hand.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    G
    FYI, this bug is still present on pfSense v2.8.1-RC and pfBlockerNG-devel v3.2.8

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    500 Topics
    3k Posts
    GertjanG
    @gorkrul said in Let's Encrypt Cert via ACME ask for oathtool (PFSende 2.8): so, what could be the solution then? or what other best practice recommended? acme.sh uses a 'scripted' or 'automated' login against 'INWX'. If an 2FA is needed to passs through, then, afaik, you can't use that access - acme.sh won't be able to grab your phone and copy over the challenge code. I'm not a 'INWX' (dono what/who that is to be honest) but I advise you to go to their support (foruim, FAQ, etc) and xheck how other, using 'INWX', set their acme.sh. Their support page said : https://www.inwx.com/en/offer/api where acme.sh is mentioned as 'possible'. here is a list with open issues with INXW : https://github.com/acmesh-official/acme.sh/issues?q=is%3Aissue%20state%3Aopen%20INWX - maybe yours is there also ? My pretty broken advise would be : stop 2FA ....

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    608 Posts
    Y
    Well, I spent some time tonight playing around with this and I think I have it. Some suggestions for others: Generate the OAuth client in the Tailscale admin before anything else. Make sure to create the tag you'll need. One per pfSense instance (and clearly, one OAuth client per pfSense instance). Give the OAuth client the permissions you think appropriate. Very Important: make sure that you can generate an API key with the OAuth creds. The OAuth creds are, apparently, used by the CLI to generate an API key. The latter is what does the trick in tailscale up. Do this from the pfSense console: curl -d "client_id=kY5Mv4h8kQ11CNTRL" -d "client_secret=tskey-client-kY5[invalidchars]CNTRL-ZXo2FfBbb[moreinvalidchars]GVT" "https://api.tailscale.com/api/v2/oauth/token" If you don't get back something like this, you'll never be able to get it to work: {"access_token":"tskey-api-kM[lotsofinvalidchars]NTRL-[stillmoreinvalidchars]9YevL","token_type":"Bearer","expires_in":3600,"scope":"all"} Here's what worked for me if the above returned an API token: /usr/local/bin/tailscale up --auth-key=tskey-client-[greekedout]GVT\?ephemeral=false\&preauthorized=true --accept-dns=false --accept-routes --advertise-exit-node --advertise-routes=192.168.211.0/24 --advertise-tags=tag:[yourtaghere] Make sure you have the cron package installed. Then add a @reboot entry using the full path (see above). I also added a cron entry every six hours as if Tailscale is up, this command does not interrupt or reset any sessions. I've left some bytes of the creds in these examples to make it clearer where your full creds should go. The curl command requires the escape symbol (\) in the parameters that will be passed to the control plane. FWIW, I lost an hour or more because I had (God only knows why) set Tailscale on one pfSense instance to accept DNS. Do this and the router cannot resolve the control plane API endpoint. Dumb. And I own it. I don't know if this "fixes" everything. But it's a lot of work and it shouldn't be necessary. Somehow, this package to be useful needs to survive reboot without the need to go to these lengths.

  • Discussions about WireGuard

    699 Topics
    4k Posts
    S
    @Bob.Dig what's the right place?
Log in to post
Load new posts
  • S

    NTOP & Stunnel

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • S

    AV + Spam assasin

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    S
    @sgnet: Im now expert on linux or know much about programming, but I am willing to get my hands dirty and learn something , how would i got about trying to intergrate such packages like spam assasin or even clam av on it Review/study the existing code: http://pfsense.com/cgi-bin/cvsweb.cgi/tools/packages/
  • E

    AdZapping with squid

    Locked
    2
    0 Votes
    2 Posts
    4k Views
    ?
    AdZapper is a neat little redirector for Squid.  Unfortunately squid only supports the use of only one redirector at a time.  There is a perl script called zapchain that lets you chain multiple redirectors but its not especially well written and certainly not speedy.  A debatably better solution would be to maintain a block list of the various adservers (there are lots of places to find these lits online) as an ACL in your squid.conf.  This approach has its own drawbacks as well, so consider each.
  • S

    Nice squid feature

    Locked
    5
    0 Votes
    5 Posts
    5k Views
    H
    Not sure what all will be build into the package, but something that makes trading settings easy (maybe similiar to the backup/restore process to be able to restore different sections of settings)  :)
  • M

    11/11/2005 - Squid Commit & Changelog

    Locked
    15
    0 Votes
    15 Posts
    9k Views
    ?
    Posted to the "Squid Errors" thread, it seemed more appropriate.  This was just a first-pass at the WebGUI, I'm hoping to give it a more thorough beating tomorrow.
  • S

    Thoughts on reporting/monitoring package?

    Locked
    2
    0 Votes
    2 Posts
    5k Views
    J
    Pfsense already does most of that stuff.  Use the package called Ntop.  And enable the rrd tool.  Takes heaps of looking around to find everything you want.  But if you click on a specific IP there is a little Icon that looks like a graph and it gives you all sorts of stats etc such as what you are looking for (that little icon took me about 8 days to find LOL). The only problem I have with the Ntop stats is I am unable to view the stats of a PC that has been turned off for a while.  I have to wait until it comes back online.  I could probably do it manually but I don't really care enough to go to the effort to find out how :).
  • J

    Problem with Ntop and WinSCP

    Locked
    3
    0 Votes
    3 Posts
    5k Views
    J
    Thanks root worked.  I did search! So did I find a bug? with the Ntop thing? Sorry I'm a bit usless. I edited the XML file  /usr/local/pkg/ntop.xml But I am not sure how to make it "work".  When I reinstalled ntop if overwrote this file.  I was browsing for ages trying to find the "master" file. Sorry aagain :), I'm slowly learning how to do it for myself.
  • M

    Squid Package

    Locked
    3
    0 Votes
    3 Posts
    6k Views
    M
    Yes.  Initially, I did not know any PHP so this was a learning experience for me.  Now that I have a little better experience, I'm cleaning the code.  In addition to cleanup, I'm adding and testing the various the authentication options such as: Local Authentication RADIUs LDAP Domain The first hurdle was that the squid_rad_auth port did not exist for FreeBSD so I had to take ownership (http://www.freebsd.org/cgi/query-pr.cgi?pr=87858) that so pfSense can support it.  I anticipate a hopefully more stable release out very soon so I can move onto adding squidGuard and other packages that work in conjunction with it.  The community can help by continuing to report bugs and if anyone is a coder and has a better or more efficient way to do something, please let me know as I want this package to be as solid as possible.  Thanks! Mike
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.