1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    J
    I have an issue with anydesk, i read that allowing the traffic from these: if (dnsDomainIs(host, "teamviewer.com") || shExpMatch(host, "*.teamviewer.com")) { return "DIRECT"; } // AnyDesk if (dnsDomainIs(host, "anydesk.com") || shExpMatch(host, "*.anydesk.com") || shExpMatch(host, "*.net.anydesk.com") || shExpMatch(host, "relay-*.anydesk.com") || shExpMatch(host, "*.relay.anydesk.com")) { return "DIRECT"; would make anydesk connections don't go through proxy because anydesk doesn't work with a transparent proxy config, it did work for teamviewer but anydesk is intermitent (only works 10% of the time) I have no ssl interception and Transparent HTTP Proxy is disabled.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    This has come up (at least on this forum) here, here, here, and here. As of today, I have a CE 2.8.1-RELEASE system with pfBlockerNG-devel 3.2.10 installed, and which during execution of... /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dcc ...the following error is printed to the pfblockerng.log file: [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] Upon additional inspection of extras.log, it appears that the error is being thrown specifcally during the attempted download of (configured-to-use-on-my-particular system) the Tranco TOP1M feed. Relevant snippet: Download Process Starting [ 11/20/25 16:14:45 ] /usr/local/share/GeoIP/GeoLite2-Country.tar.gz 200 OK /usr/local/share/GeoIP/GeoLite2-Country-CSV.zip 200 OK /var/db/pfblockerng/top-1m.csv.zip 200 OK Failed to Download top-1m.csv /usr/local/share/GeoIP/asn.mmdb 200 OK /usr/local/share/GeoIP/asn.csv.gz 200 OK ASN Lookup Table has been updated [ 11/20/25 16:14:53 ] Download Process Ended [ 11/20/25 16:14:56 ] Country code update Start Processing ISO IPv4 Continent/Country Data Processing ISO IPv6 Continent/Country Data [ 11/20/25 16:15:31 ] Creating pfBlockerNG Continent PHP files IPv4 Africa [ 11/20/25 16:15:56 ] IPv6 Africa [ 11/20/25 16:15:57 ] IPv4 Antarctica IPv6 Antarctica IPv4 Asia IPv6 Asia [ 11/20/25 16:16:01 ] IPv4 Europe [ 11/20/25 16:16:04 ] IPv6 Europe [ 11/20/25 16:16:13 ] IPv4 North America [ 11/20/25 16:16:21 ] IPv6 North America [ 11/20/25 16:16:33 ] IPv4 Oceania [ 11/20/25 16:16:43 ] IPv6 Oceania [ 11/20/25 16:16:44 ] IPv4 South America IPv6 South America [ 11/20/25 16:16:45 ] IPv4 Proxy and Satellite [ 11/20/25 16:16:46 ] IPv6 Proxy and Satellite IPv4 Top Spammers IPv6 Top Spammers pfBlockerNG Reputation Tab Country Code Update Ended Given the previous posts, and setting aside that this same issue has been observed with other feeds and at least one other unaccounted for MIME-type (i.e., application/SIMH-tape-data), I assume that if I add application/octet-stream to the list starting at L257 of /usr/local/pkg/pfblockerng/pfblocker.inc, then the download will complete and be parsed correctly. In fact, I had done that prior to the most recent package update and temporarily resolved the issue. @BBcan177, any insight as to why this 'fix', i.e., adding application/octet-stream to the list of acceptable MIME-type downloads, hasn't yet been officially made? This issue is particularly elusive because the error is printed rather nondescriptly to the pfblockerng.log, which is easily 'buried' within normally logged update operations—and because, so long as the TOP1M feed is successfully downloaded and parsed just one time, the package will continue to reuse its stale copy.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    GPz1100G
    @agitelzon I have no issue connecting to LE servers from pf shell. The issue is cloudflare security setting is configured as a whitelist for api zone record changes. The whitelist includes my ipv4 address only, as a /32. As I mentioned, I could add the ipv6 prefix as a /64. Given that pf is configured to prefer ipv4, I thought that would carry over to acme as well.

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    665 Posts
    C
    @Wolf666 Thank you, I will try it. Unfortunately, since I had already replaced the contents of /usr/local/etc/rc.d/tailscaled and it had been working so far, I will not be able to tell which of the two solved the problem. And of course, I can't find a copy of the old .../rc.d/tailscaled. Therefore, if none of this works, it will require yet another delete and reinstall of everything Tailscale in my system.

  • Discussions about WireGuard

    716 Topics
    4k Posts
    J
    Great. Thanks for the info.
Log in to post
Load new posts
  • jimpJ

    System Patches Package v2.2.23

    Pinned
    1
    7 Votes
    1 Posts
    3k Views
    No one has replied
  • 1

    DNS Broken for pkg.pfsense.org

    Pinned Locked
    3
    0 Votes
    3 Posts
    18k Views
    jimpJ
    https://forum.netgate.com/topic/115789/pkg-pfsense-org-appears-to-be-dead/2
  • R

    Packages wishlist?

    Pinned
    661
    0 Votes
    661 Posts
    2m Views
    O
    PRTG
  • JSmoradaJ

    Is anyone working on a RustDesk package?

    3
    0 Votes
    3 Posts
    707 Views
    M
    Using rustdesk pro self-hosted If's fantastic except when a client machine is in a restrictive environment with only 80/443 outbound open. Apparently there's a working websocket config but I wanted to use PfSense/HAproxy and can't translate the setup from nginx I'm a bit surprised more people aren't trying to do this to avoid the crushing costs of Teamviewer these days, and the absurd limimtations or security risks of other solutions.
  • V

    23.09.1 from 23.05.1 freeRadius broke

    10
    0 Votes
    10 Posts
    1k Views
    V
    Note to self under the latest release I had to set decipher list to cipher_list = "DEFAULT@SECLEVEL=0"
  • luckman212L

    udpbroadcastrelay vs mcast-bridge vs mdns-bridge

    4
    0 Votes
    4 Posts
    128 Views
    dennypageD
    @luckman212 said in udpbroadcastrelay vs mcast-bridge vs mdns-bridge: I'm reminded of xkcd 2347... LOL! Closer than you know... I used to be one of those random maintainers in Nebraska. There were actually a handful of us, but we all escaped the state before 2003.
  • P

    LLDP Package disappeared

    6
    0 Votes
    6 Posts
    353 Views
    AMG A35A
    @dennypage Tried first option, did not fix. Then tried second which has fixed the problem, thanks for your help. I have a second unit on 25.07.1 found that had identical problem, again option two fixed.
  • J

    This topic is deleted!

    1
    0 Votes
    1 Posts
    10 Views
    No one has replied
  • kmpK

    Problem with Net-SNMP - not starting

    5
    0 Votes
    5 Posts
    3k Views
    M
    @barnettd Thanks for the fix! I was running into the exact same issue. Like @kmp, the pkg utility also had to be downgraded: pkg: 2.2.2_2 → 1.21.3_5 [pfSense] The following packages were reinstalled: pfSense-repo-25.07.1 [pfSense] pfSense-upgrade-1.3.11 [pfSense] snmpd starts up and everything appears to be working after a reboot.
  • R

    pfSense 2.8 Installation Fails, and 2.7.2 Cannot Fetch pkg Packages – Repository Unreachable”

    6
    0 Votes
    6 Posts
    351 Views
    GertjanG
    @rootCRO said in pfSense 2.8 Installation Fails, and 2.7.2 Cannot Fetch pkg Packages – Repository Unreachable”: services.netgate.com Where did you get that "services.netgate.com" host name from ? Here is the forum that handles the 'install' questions : Home > pfSense Software > Problems Installing or Upgrading pfSense Software. @rootCRO said in pfSense 2.8 Installation Fails, and 2.7.2 Cannot Fetch pkg Packages – Repository Unreachable”: I’d really like to know exactly where pfSense pulls its packages from FreeBSD: { enabled: no } pfSense-core: { url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_07_1_amd64-core", mirror_type: "srv", signature_type: "fingerprints", fingerprints: "/usr/local/share/pfSense/keys/pkg", enabled: yes } pfSense: { url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_07_1_amd64-pfSense_plus_v25_07_1", mirror_type: "srv", signature_type: "fingerprints", fingerprints: "/usr/local/share/pfSense/keys/pkg", enabled: yes } I'm using pfSense plus. Be ware : you can't point a web browser to URL like https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_07_1_amd64-pfSense_plus_v25_07_1, as it is not a web server.
  • M

    mdns-bridge one-way reflection

    26
    0 Votes
    26 Posts
    1k Views
    M
    @keyser said in mdns-bridge one-way reflection: @marcg Yes, those ports are needed - in what we consider the wrong direction - when you are Airplaying Video/screen mirroring. For sound only Airplay they are not needed/used. @keyser @dennypage , thanks for the info and confirmation. Somewhat reminiscent of the well-known firewall issues with active FTP ... with the difference that Airplay was introduced 20+ years later.
  • E

    zabbix 7.4 package

    1
    0 Votes
    1 Posts
    86 Views
    No one has replied
  • kesawiK

    UDP Broadcast Relay and subnet-directed broadcasts

    2
    1
    0 Votes
    2 Posts
    349 Views
    keyserK
    While I'm not 100% sure it cannot be brought to relay subnet-directed broadcast, it would make little network sense if it did. Remember that any IP stack on the other side that follows IP guidelinies would still drop the packet even if the NIC picked up the L2 broadcast frame from the wire. The idea of the package is forwarding Class D (multicast) and proper global broadcast frames.
  • S

    snort 4.1.6_27 crashing with php error

    4
    0 Votes
    4 Posts
    254 Views
    S
    yeah, it's fixed with _28
  • R

    Need urgent support with HAProxy setup will pay

    1
    0 Votes
    1 Posts
    180 Views
    No one has replied
  • keyserK

    Advantages of mDNS-Bridge vs UDPBroadcastRelay

    7
    0 Votes
    7 Posts
    476 Views
    keyserK
    @dennypage And thank you SO much to @dennypage for maintaining the package - and so selflessly spending time supporting it and us users. Especially when we ask stupid questions or are so selfcentered we find ourselves important enough to outright complain over volunteer work like this. All package maintainers should really have a HERO badge here on this forum.
  • E

    HAProxy - Files

    3
    4
    0 Votes
    3 Posts
    425 Views
    patient0P
    @AnthonySalamone preface: I don't use HA Proxy but did use the power of searching the internet. If you want to use pfSense with Authelia, which seems to use these exact three files, someone written a blog post about how to do it: https://kovasky.me/blogs/pfsense_haproxy_authelia/
  • A

    Prometheus Node Exporter gives log errors - fix or suppress in log

    7
    0 Votes
    7 Posts
    6k Views
    A
    @nws thanks for the consistent fix - I completely overlooked that for a while. And @credulous yes, it's still a mystery why the collectors seemingly trigger and gives errors, and also why they don't appear at the collector list. It seems the Prometheus Node Exporter package on FreeBSD has very low priority perhaps? Else you would imagine something like this could be fixed.
  • CreationGuyC

    HAProxy / ACME + external webhost?

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • C

    FreeRadius or something else, for MFA without a PIN code?

    9
    0 Votes
    9 Posts
    3k Views
    N
    @Codefighter Thanks @Codefighter, you’ve nailed it. I totally agree that for home use, OTP can feel like overkill. But when it comes to small, medium, and large businesses, we’ve got a real responsibility to keep networks and systems secure. We can’t afford to be casual or underestimate the risks out there. Honestly, I’d much rather hear a few grumbles from employees about typing in an OTP every time they hop on the VPN than have to sit in a meeting with the board explaining why we didn’t do enough to prevent and mitigate a cyberattack.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.