1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    @firefox That is weird did you just try this or have you used it in the past?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    M
    Hi, I had a problem with my home network today, so I checked pfsense and discovered that suricata had blocked the wan ip. After some tests and triggering some suricata alerts, the wan ip was blocked. I restarted pfsense and ran some more tests, but the problem no longer occurred. I then checked the wan interface settings and indeed the ip list does not include the wan ip, both now that it's working and before, when it was blocked. I'm using pfsense 2.8.0 and suricata 7.0.8_2. I use PPPoE to access the Internet.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    J
    @LowKnee Just out of curiosity are you referring to the Database Sanity Check reporting that "these two counts should match" it the count is off by 1 (which I suspect is your case) there was a fix (manual code change) to change masterfile to mastercat in pfblolckerng.sh you want to change this change the line from s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})" to s1="$(grep -cv ^${ip_placeholder2}$ ${mastercat})" There is also an edge case if the count is greater than one, here is how that goes if in the deny directory you have say two flies (because of the list / file selection you have and they have repeat addresses file 1 has say 100 lines file 2 has say 10 lines (but those 10 lines are also in file 1, file 2 is a subset) you get two uniquely named deny files and then when the "count" is calculated on the deny directory it sees 110 entries when the "count:" is calculated on the "mastercat" file it only contains 100 entries the count doesn't match in my case the issue was caused by full list I had selected, also having an available subset lists (I had inadvertently selected one of) this causing two deny files with some of the same (overlapping data) I unselected the subset and bingo matched again, was a "my bad" selection. Edit: this applied to 25.07 (and 25.07.1) and pfblockerng 3.2.7 as it is labelled on those versions of pfSense

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    496 Topics
    3k Posts
    R
    @provels said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: This same mess happened to me, even w/o Acme, going from 25.07 to *.1. Blew, reinstalled w/ Crowdsec, blew again, reinstalled, clipped all the Crowdsec info from config.xml, restored config, back to normal. Crowdsec is a great concept, but I think I'm out. I never had this issue with Crowdec before the ACME update, even with updating from 2.7 to 2.8 there was no issues. In fact after restoring from a backup after the ACME update, Crowdsec reinstalled just fine, and this was before the recent release a couple days ago that contained a fix.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    603 Posts
    W
    @totalimpact in my case I dsid not reboot the router, after I copied the new key tailscale went online.

  • Discussions about WireGuard

    697 Topics
    4k Posts
    H
    I figured out the issue. I missed adding the 3rd locations Lan to the static routing. Now all is working perfect.
Log in to post
Load new posts
  • K

    Radius Server - Service cannot Start up

    2
    0 Votes
    2 Posts
    573 Views
    F
    Hi Khupidor I was just dealing with the same issue Hope this helps you too: https://forum.pfsense.org/index.php?topic=133961.msg735559#msg735559 Cheers!
  • W

    Freeradius 2.2.x authentication bypass CVE-2017-9148

    4
    0 Votes
    4 Posts
    1k Views
    W
    I saw that FreeRadius 3.0.15 support was added to Available Packages. Uninstalled freeradius2, installed freeradius3, and the configuration transfered over quite nicely. I imagine this was quite an undertaking, thanks much! Cheers
  • jimpJ

    MOVED: 2.3.4-p1 Breaks PFBlockerNG

    Locked
    1
    0 Votes
    1 Posts
    507 Views
    No one has replied
  • L

    Unable to install packages

    5
    0 Votes
    5 Posts
    1k Views
    jimpJ
    Nothing changed here recently, and there haven't been any outages. It's possible there was a problem somewhere between you and the package servers, however.
  • D

    Package nut + Eaton Protection800 connection lost and back twice a day

    7
    0 Votes
    7 Posts
    2k Views
    D
    I don't think about UPS issue, because it was plugged to a Windows station before and was reporting no communication error I'll try the 2 other USB ports to be sure, and change usb cable . Let's try external power hub too, i didn't try this yet. About the pollinterval=10 it's already in place. Thank you for your help and patience. I'll give a feeedback asap.
  • C

    Squid reverse proxy: limiting sending large files over HTTP

    2
    0 Votes
    2 Posts
    733 Views
    C
    Solved the issue. Really tried everything, but didn't succeed. Drived me nuts. For anyone having this issue too: Cloudflare has set some limit on the size of the requests: https://support.cloudflare.com/hc/en-us/articles/201303340-How-can-I-change-the-client-maximum-upload-size-  :-\ :-\ Cadish
  • dennypageD

    NUT info thread

    3
    0 Votes
    3 Posts
    526 Views
    dennypageD
    Thank you Jim!
  • C

    PfSense 2.3.4 with NUT 2.7.4_4 and Tripp Lite SMX500RT1U USB No matching HID UPS

    12
    0 Votes
    12 Posts
    4k Views
    dennypageD
    @communityuk: An Electrician caused a reboot by turning off the power on the clean side of the UPS! Anyway I removed the "user=root" and it works ok now. Awesome, thanks for letting me know. I'll see about adding an install warning for this next time I update the package. About the electrician though… sigh.
  • chudakC

    Squid and "Bypass Proxy for These Source IPs" question

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    You can't bypass them as a source and still also have them go through the proxy. The either go through the proxy or they do not. If you could identify the remote server(s) and bypass based on destination, then they could still have their traffic scanned going to other places. But if you want to AV scan the traffic that is also going to the place the camera is sending the video, that would not be possible.
  • K

    Squidguard and https

    3
    0 Votes
    3 Posts
    763 Views
    jimpJ
    You do not need to edit anything in the code/files. Just the GUI settings. Set the redirect type to "Ext URL Found" and then drop the full URL into your "Redirect Info" box. https://your.host.name/sgerror.php?url=403&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u That setting might be on your Common ACL or other ACL configurations.
  • P

    Migrating from TMG 2010 to HA-PROXY as a reverse Proxy issues

    4
    0 Votes
    4 Posts
    1k Views
    P
    In the status page for the SharePoint backend I get: Unauthorized. The site on SharePoint does allow anonymous access. Thanks
  • S

    SSO with LDAP Auth

    3
    0 Votes
    3 Posts
    1k Views
    B
    In my opinion it is not possible without additional components on the client-side. IMHO the best way is to join the domain with your pfsense and then use ntlm for squid-auth. If you look at commercial firewalls (like sophos) they do it the same way. If you want to do it with pfsense, you would have to use a third-party addon. (https://pf2ad.mundounix.com.br/). But unfortunately it is not recommended to use third-party addons on pfsense. It would be great if it could be added as an official package.
  • S

    Pfsense2.3.4 + squid-3.5.26 + squidguard-1.4_15

    2
    0 Votes
    2 Posts
    1k Views
    S
    Can anyone please assist me on this?
  • E

    Quagga, ospf and high availability

    2
    0 Votes
    2 Posts
    2k Views
    Q
    I've recently coded a GUI addition to the Quagga OSPF plugin for doing just this. I'll be submitting a pull request in Github in the next week or so as i finalize a few tweaks. This has really brought our HA router abilities to a new level and it's working well in our datacenters.
  • J

    Issue on radiusd.conf

    2
    0 Votes
    2 Posts
    538 Views
    jimpJ
    Is this with the FreeRADIUS 2.x package or FreeRADIUS 3.x? If it's with the 2.x package, uninstall it and then install the 3.x package. If it's with the 3.x package, you will need to be more specific about the problem: What options in the GUI are not being put into the configuration correctly? And what line, specifically, are you changing to correct the problem?
  • C

    Service watchdog says newer version available - I cannot update

    2
    0 Votes
    2 Posts
    469 Views
    DerelictD
    That is not telling you there is a newer version available. That is a legend. If Service Watchdog was in yellow there would be a newer version available. ![Screen Shot 2017-07-09 at 4.26.18 PM.png](/public/imported_attachments/1/Screen Shot 2017-07-09 at 4.26.18 PM.png) ![Screen Shot 2017-07-09 at 4.26.18 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2017-07-09 at 4.26.18 PM.png_thumb)
  • perikoP

    Squid3-dev sites issues with SSL3_GET_SERVER_CERTIFICATE

    2
    0 Votes
    2 Posts
    1k Views
    K
    If you change pFSense / Services / Squid Proxy Server / GEneral tab Then check the SSL Man In The Middle Filtering area and change the SSL/MITM Mode from Splice WhiteList, Bumb OtherWise to the Splice ALL the problem can be solve with a this shape. OR With a default value of the SSL/MITM Mode with Splice WhiteList, Bumb OtherWise you can goto ACLs atb and add desıred web site url to the WhiteList area ie: online.kktcmaliye.com
  • E

    Upgrade to Free Radius 3

    3
    0 Votes
    3 Posts
    2k Views
    E
    Great! Thx!
  • A

    Trouble Configuring Avahi

    6
    0 Votes
    6 Posts
    1k Views
    A
    @NogBadTheBad: Shouldn't your edge ports be untagges vlan 101 ? In the Netgear switch, the 6th port, which is connected to airport extreme,  is UT101 and the 1st port,which connected to Firewall,  is 101T.
  • V

    HA Proxy - Shared TCP?

    2
    0 Votes
    2 Posts
    600 Views
    S
    No, you can't do that. HTTP protocol includes HOST directive to allow endpoint to understand which website is accessed (see https://en.wikipedia.org/wiki/File:Http_request_telnet_ubuntu.png for example). TCP protocol does not have such functionality, it doesn't even know anything about hostnames or websites, it works with IPs only.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.