1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N
    @andrew_cb Thank you very much for this, I just tried your proposed solution and it did work! That was driving me crasy! Way simpler than deleting the haproxy_server_state file.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    @NRgia said in Suricata on Pfsense: @bmeeks Thank you for what you did for Snort or Suricata. I'm not sure what you want me to do on Redmine, due to is a bug tracker. My question is for Product Management, which I will ask it here to be public: What is the plan for these 2 packages, Suricata and Snort? Thank you Yes, Redmine is for both bug reports and feature requests. Asking for the Suricata binary to be updated to the latest 7.0.11 version from upstream is a legitimate Redmine request. I would suggest simply asking for the binary version update instead of asking about future Netgate strategy (such as the support plans for the packages). Strategy discussions typically don't get very far because they deal with proprietary information or plans that a company may not want to publicly discuss. Redmine is where the Netgate developer team tracks all the code changes they make for pfSense. They will see Redmine reports much quicker than a forum post.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    T
    @andrebrait will you be able to rebase pfblockerng-adblock-clean on top of devel in the foreseeable future? I have been able to make use of patches until I upgraded to 25.07-RELEASE. The conflicts are deep. Oddly the pfblockerNG-devel package is 3.2.7 despite the current refs having 3.2.9 in the Makefile.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    594 Posts
    E
    @totalimpact Tailscale 1.54.0 is 2+ years out of date. Tailscale has made quite a number of changes since Tailscale 1.54.0, likely rendering it incompatible with their servers. I would consider manually updating the Tailscale FreeBSD package. FreshPorts does not maintain an archive of all the releases, only the latest compiled by the volunteer maintainers. The key to manually upgrading is knowing which FreeBSD version your pfSense release is running, i.e. 14 or 15. You can following along here.

  • Discussions about WireGuard

    692 Topics
    4k Posts
    P
    SOLVED. Turns out nothing wrong with my tunnel setup and not due to CGNAT. The reason PING works and other traffic doesn't is due to packet size and MTU. Something on the wireless network means that the default MTU doesn't work, forcing a smaller MTU to 1280 on pfSenseB fixed this. This Reddit thread has more details of this issue: https://www.reddit.com/r/WireGuard/comments/qmsa2n/ping_works_but_sites_arent_loading/
Log in to post
Load new posts
  • O

    Please point out I am an idiot....

    5
    0 Votes
    5 Posts
    746 Views
    N
    Obviously a troll post.
  • M

    Syslog-ng forwarding via TCP not working?

    3
    1 Votes
    3 Posts
    2k Views
    M
    @flink4 - thanks! I've hacked something else in place for the time being, but will try this out when I find the time!
  • jimpJ

    LCDProc package version 0.11.2

    Locked
    5
    2 Votes
    5 Posts
    1k Views
    fireodoF
    @jimp said in LCDProc package version 0.11.1: It seems to work here in some local testing. Works here too - many thanks! [image: 1689773875658-lcd-display-mi4300yl-270.jpg]
  • V

    Grafana Dashboard using Telegraf with additional plugins

    173
    11 Votes
    173 Posts
    84k Views
    B
    @thimplicity You should see this being mentioned above https://forum.netgate.com/post/992280
  • D

    MPD5 port / package install.

    1
    0 Votes
    1 Posts
    435 Views
    No one has replied
  • S

    pfSense-pkg-softflowd: not sending data to log collector

    2
    0 Votes
    2 Posts
    754 Views
    D
    @soheil-amiri Check documentation for sample rate and tcp timeout options for softflowd. Adjust them to suit your traffic. This hints at why you might see less netflow stats arriving at your log server than you're expecting.
  • jimpJ

    OpenVPN Client Export package v1.9

    2
    6 Votes
    2 Posts
    756 Views
    jimpJ
    One thing I have noticed: If you already have OpenVPN installed, the export package installer for 2.6.x will offer to uninstall the client instead of installing it on top of itself or skipping that step automatically. You can X out of that part of the installer if you want to leave the currently installed client alone, then it will go on and prompt to do the next part of the process which copies the configuration file into place.
  • T

    PFsense 23.05.1-RELEASE- OpenVPN Not Showing Client Export Tab

    Moved
    3
    0 Votes
    3 Posts
    637 Views
    T
    @jimp This was the fix THANK YOU!
  • frogF

    Freeradius Google auth not working

    4
    0 Votes
    4 Posts
    742 Views
    GertjanG
    @frog said in Freeradius Google auth not working: https://vorkbaard.nl/how-to-set-up-openvpn-with-google-authenticator-on-pfsense/ Maybe. I would prefer using the original info, written by the one who actually build and created the system. For info about your Tesla, would you seek help on www.ford.com ?
  • S

    arpwatch 0.2.1 no service autostart after upgrade 2.6.0 -> 2.7.0

    2
    0 Votes
    2 Posts
    334 Views
    S
    Three systems tested, all three with the same issue. As workaround I configured service watchdog to start the services after reboot.
  • ?

    Avahi package does not survive a config restore on pfsense 2.6.0 due to missing avahi-daemon package

    23
    0 Votes
    23 Posts
    2k Views
    ?
    @SteveITS 2.7.0 CE fixed the restore issue with Avahi for me. However, I can only confirm it as "fixed" on a single pfsense box with a maximum of 2-3 restores. My pfsense has only been updated a few days ago. Early days, without another user also confirming it as fixed I would say.
  • JeGrJ

    Filer Package XMLRPC Sync error

    3
    0 Votes
    3 Posts
    747 Views
    J
    @JeGr I was able to fix it by changing line 221 in /usr/local/pkg/filer.inc from: $execcmd .= "sync_package_filer();"; to $execcmd .= "filer_sync();";
  • P

    Centralized pfSense Management Interest

    7
    3 Votes
    7 Posts
    3k Views
    R
    @occamsrazor So I've tried DynFi and seen that it has some great features, but the centralized management features are limited. I think it's better for Day N where you're monitoring and tweaking the devices after they're set up. In a fleet of business owned firewalls, you would want to define configuration based on policies at a global level, site level and individual firewall level. The global and site level config is very minimal with what I think I can do with DynFi - what would be ideal is something like: Creating a firewall rule for a secure maintenance access via properly configured SSH over VPN. A site level config example may be configuring a CA and certs for 4 firewalls that an MSP is responsible for, an individual firewall config might be all the unique stuff like hostname, etc for that firewall. With a centralized management platform offering, the firewall could have a script to check the central platform during boot for ownership of the serial number and then attach itself to the platform. This Zero Touch Provisioning feature means I don't have to travel all over the country setting up firewalls, I could have the option of using a contractor to rack and plug the box in and then hand it off to me to do the rest remotely. Those are some savings, efficiency and quality of life upgrades I know businesses would want to pay for. I'm sure Netgate already knows this, but business customers are the type looking to purchase verified Netgate brand hardware with support contracts. I'm currently going through a POC to try out all the competition and I can say what I described here is hilariously hit or miss across all the big vendors. Very few are doing a great job with this or they make it difficult to POC those features. Meanwhile, the first setup to cross the finish line in lab was of course pfsense plus and DynFi so Kudos for the "ease of setup"!
  • D

    2.7.0 release has broken package management for 2.6.0 ?

    8
    0 Votes
    8 Posts
    2k Views
    D
    @SteveITS said in 2.7.0 release has broken package management for 2.6.0 ?: @DBMandrake https://redmine.pfsense.org/issues/10464 It's a long standing issue. Don't install packages for the wrong version. (yes I know that isn't what was intended) In the past it would try, and do things like upgrade PHP, breaking the old version. The problem is, whether I tried to manually install a package via the GUI or not, some background process had already attempted to update some system packages (not those listed in the GUI) and in the process broken the pkg command itself. (although I notice the GUI uses pkg-static) See my other thread. This happened on four different systems, three of which I didn't even log into until I was aware of the issues on the first system, so definitely something that happened automatically as a result of the package repositories being updated on the servers. I had to manually fix the pkg command on all four systems and they still complain about the fact that the FreeBSD package library is now using a newer database version than it should be. This really shouldn't be happening without user interaction. I haven't experienced these problems before because this is the first time that "Current" has changed versions in the repositories since I've been using PFSense. (Since I started with 2.6.0 which has been out for 1 1/2 years now) Change System/Update/Settings to Previous Stable branch to be on 2.6, then install/update packages. That doesn't fix the pkg command at the command line though, I had to fix that manually.
  • H

    Package Manager not showing some packages

    Moved
    18
    0 Votes
    18 Posts
    2k Views
    bmeeksB
    @hauy said in Package Manager not showing some packages: @bmeeks I figured it out. I deactivated and reactivated the service and it seems to work now. Thanks again for your help! That likely means some piece of the configuration was incomplete, and making that change and saving it caused the package GUI code to rewrite the configuration.
  • F

    rrd_summary: no data

    7
    0 Votes
    7 Posts
    915 Views
    S
    @FollyDude-0 Currently running on pfsense 2.7.0
  • R

    FreeRadius reinstall maintains old config

    Moved
    2
    0 Votes
    2 Posts
    507 Views
    johnpozJ
    @Raven7362 I don't fell like testing if can duplicate your problem, because well kind of using my config ;) But if your having issues, all of the conf files and such are stored here /usr/local/etc/raddb/ I would assume you could uninstall freerad package, then remove all those files.. Then reinstall package. you can view their path and files in the view config in the freerad package gui section.
  • S

    Trying to install SpeedTest-CLI on 2.6.0-RELEASE (amd64)

    1
    0 Votes
    1 Posts
    282 Views
    No one has replied
  • T

    How to run script from the persistant directory /conf or /cf/conf/?

    2
    0 Votes
    2 Posts
    384 Views
    bmeeksB
    Don't do that! That directory is "no execute" for a very good reason. Instead, put your custom shell scripts in /usr/local/etc/rc.d/ or perhaps /usr/local/bin/.
  • calebhC

    Check_MK on pfSense 2.4 w/ Update-persistence

    Moved
    2
    2 Votes
    2 Posts
    3k Views
    M
    Hi calebh, thanks for writing all this up. Just to say, I've been looking into alternative ways of doing this, which don't need xinetd or the filter cronjob. One way is to add an SSH key to the User's Authorized Keys, e.g. `restrict,command="/opt/bin/check_mk_agent" ssh-rsa AAAAB...` And then set up an Agents > Other integrations > Individual program call instead of agent access rule, like: ssh admin@$HOSTADDRESS$ -i mysshkey (Some more parameters might be needed to disable TTY or something, I can't remember.) I've decided against this approach though, because the SSH connections end up spamming the System Logs. I think a better way is to create a simple .php file that calls the agent: /usr/local/www/check_mk_agent.php <?php header('Content-Type: text/plain; charset=utf-8'); system('/opt/bin/check_mk_agent'); ?> Then the Individual Program Call should look something like: curl -ks https://$HOSTADDRESS$/check_mk_agent.php It would be possible to modify the PHP to add some more security, perhaps some IP address filtering or to check for a secret parameter. But even without those steps, it at least has the advantage of encrypting the traffic over SSL so it can't be read by third parties. Note, this will end up spamming the nginx log (System > GUI Service). Arguably that's better than spamming the System Log, but may still not be appreciated.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.