1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    D
    I recently start have trouble saving my HAProxy configuration due to a error. It keeps adding clientca_ in front of the SSL offload certificate name. On file level this file does not exist! I tested with both HA Proxy plugins, the regular and dev version. I tried to regenerate the SSL (Lets Encrypt) but this keeps happening. [ALERT] (45623) : config : Couldn't open the ca-file '/var/etc/haproxy_test/clientca_shared-frontend.pem' (No such file or directory). [ALERT] (45623) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:28] : 'bind 0.0.0.0:443' in section 'frontend' : 'ca-file' : unable to load /var/etc/haproxy_test/clientca_shared-frontend.pem Does anybody have the same behaviour? to be clear I have the 25.07-RC running. The relevant part of /var/etc/haproxy_test/haproxy.cfg frontend shared-frontend bind 0.0.0.0:443 name 0.0.0.0:443 ssl crt-list /var/etc/haproxy_test/shared-frontend.crt_list ca-file /var/etc/haproxy_test/**clientca_**shared-frontend.pem verify required crl-file /var/etc/haproxy_test/**clientcrl_**shared-frontend.pem

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC
    @rlrobs Yes it’s still working fine here.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K
    @pulsartiger The database name is vnstat.db and its location is under /var/db/vnstat. With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    M
    I resolved this by accepting the T+Cs via https://www.maxmind.com/en/accounts/1205389/geolite2/eula

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    J
    @div444 i'm finding the same - did you find a solution or did reverting fix it? Hoping there is a patch fix or something to get it working! Rather not rollback if i can avoid it

  • Discussions about the Tailscale package

    90 Topics
    578 Posts
    T
    Re: How to update to the latest Tailscale version? I am on latest released Netgate 6100 pfSense PLUS v24 ( pfSense_plus-v24_11_amd64-pfSense_plus_v24_11 ) pkg config abi FreeBSD:15:amd64 pkg -vv | grep -A 3 "pfSense:" pfSense: { url : "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_11_amd64-pfSense_plus_v24_11", enabled : yes, priority : 0, cat /usr/local/etc/pkg.conf ABI=FreeBSD:15:amd64 ALTABI=freebsd:15:x86:64 PKG_ENV { SSL_CA_CERT_FILE=/etc/ssl/netgate-ca.pem SSL_CLIENT_CERT_FILE=/usr/local/etc/pfSense/pkg/repos/pfSense-repo-0001-cert.pem SSL_CLIENT_KEY_FILE=/usr/local/etc/pfSense/pkg/repos/pfSense-repo-0001-key.pem } This firewall is obviously running on FreeBSD 15 no longer on 14. But can I use the freshports link for FreeBSD 14 amd64 quarterly which is at tailscale 1.86.2 or can I only go up to version tailscale 1.84.2_1, and need to wait until they have a version of tailscale 1.86.2 or higher for the FreeBSD 15? Would it be good enough to tell it to ignore the OSVERSION? export IGNORE_OSVERSION=yes Note: use of 14 and not 15 ? pkg add https://pkg.freebsd.org/FreeBSD:14:amd64/quarterly/All/tailscale-1.86.2.pkg service tailscaled restart tailscale up

  • Discussions about WireGuard

    690 Topics
    4k Posts
    J
    I've read through some other posts about this, but they either didn't say whether the proposed solution worked or they were very convoluted and difficult to understand. Here is our scenario: We have 6 locations--Las Cruces (LC), Sunland Park (SP), El Paso (EP), Abilene (ABI), Fort Worth (FW), and Plano (PL). LC and ABI have software that is accessed by the other 4 locations via VPN. There are WireGuard VPNs set up between LC and those 4 locations (SP, EP, FW, PL), and ABI and those 4 locations (SP, EP, FW, PL). There is also a WireGuard VPN connection between LC and ABI. LC and ABI have 2 internet connections. SP, EP, FW, and PL each have one internet connection. If the primary internet connection goes down at either LC or ABI and failover occurs to the secondary internet connection, is there a way to set up the WireGuard VPN connections so that they also failover without purchasing some 3rd party application? Thanks.
Log in to post
Load new posts
  • G

    Freeradius and NAS IP Range instead of IP

    2
    0 Votes
    2 Posts
    1k Views
    M
    Hello, i'm in the same situation, is this possible ? does somebody know ?
  • D

    CIDR ranges in SpamD whitelist not working

    2
    0 Votes
    2 Posts
    777 Views
    R
    Looks a bug for me…. actually I already open a bug report a year ago but nobody even check... :(
  • S

    Possible to use GUI for askterisk in pfsens 2.2.4 ?

    4
    0 Votes
    4 Posts
    831 Views
    D
    OMG. Install the damned package from the package manager. There you have the GUI. (And kindly uninstall what you installed manually before that, or you'll have two broken copies of the same monster that doesn't belong on firewalls…)
  • kesawiK

    Arpwatch not starting after upgrading from v2.2.1 to v2.2.3

    6
    0 Votes
    6 Posts
    2k Views
    kesawiK
    I've found that pressing clear log also restores the list for me as well.
  • S

    Dansguardian[15497]: Error connecting via IPC socket to log

    1
    0 Votes
    1 Posts
    666 Views
    No one has replied
  • T

    Does tinc do multihomed failover?

    3
    0 Votes
    3 Posts
    1k Views
    T
    This is off-topic, but I've been running the server portion of OpenVPN at the remote offices, listening on the failover gateway, and running the clients at the central site. I add this to the client config at the central site: remote rmt.fai.ovr.con pporrtt; keepalive 1 4; Seems to work pretty well. Total time to failover = failover timeout configured on gateway group + failover timeout configured by the keepalive statement on the client I believe the above OpenVPN timeout is set to 4 seconds
  • A

    I can't get SARG Report working

    31
    0 Votes
    31 Posts
    13k Views
    P
    First of Kudos, respect and props to 'marcelloc' for the amazing package For those who still cannot get it working please remember follow the instructions for your version 32 bit or 64 bit 32 bit Reinstall Sarg Pkg rm -rf /usr/local/sarg-reports ln -s /usr/pbi/sarg-i386/local/sarg-reports /usr/local/sarg-reports 64 bit Reinstall Sarg Pkg rm -rf /usr/local/sarg-reports ln -s /usr/pbi/sarg-amd64/local/sarg-reports /usr/local/sarg-reports
  • I

    NUT double start

    3
    0 Votes
    3 Posts
    1k Views
    I
    I have two pfsense severs - "pf2" normal and "pf1" with this little problem. Registration (may be "connection"?) you can see on remote NUT server by "upsc -c upsname". For UPS with pf2 I see one connection/registration, for pf1 - two. Processes on "bad" server: [2.2.4-RELEASE][root@pf1]/root: ps auxw | grep ups root    78028  0.0  0.0  18832  2416  -  Is    5:25PM    0:00.00 /usr/local/sbin/upsmon ups11@192.168.99.32 root    78081  0.0  0.0  18832  2420  -  Is    5:25PM    0:00.00 /usr/local/sbin/upsmon ups11@192.168.99.32 uucp    78366  0.0  0.0  18832  2444  -  S    5:25PM    0:01.93 /usr/local/sbin/upsmon ups11@192.168.99.32 uucp    78642  0.0  0.0  18832  2448  -  S    5:25PM    0:01.89 /usr/local/sbin/upsmon ups11@192.168.99.32 root    98879  0.0  0.0  18876  2380  0  S+  11:37AM    0:00.00 grep ups [2.2.4-RELEASE][root@pf1]/root: On "good" server: [2.2.4-RELEASE][root@pf2]/root: ps auxw | grep ups root    39209  0.0  0.1  18832  2548  -  Is  18Sep15      0:00.00 /usr/local/sbin/upsmon ups10@192.168.99.32 uucp    39236  0.0  0.1  18832  2576  -  S    18Sep15      1:33.76 /usr/local/sbin/upsmon ups10@192.168.99.32 root    64213  0.0  0.1  18876  2376  0  S+  11:40AM      0:00.00 grep ups [2.2.4-RELEASE][root@pf2]/root:
  • T

    Bacula configuration setting issues

    2
    0 Votes
    2 Posts
    1k Views
    perikoP
    Your are right, I want to understand the logic was to build the app into pfsense, don't know the idea to have a local director. Once u setup bacula with this requirement, my bacula director is not able to grab the backup from pfsense, I got the error: '26-Oct 10:13 bacula-dir JobId 33027: Start Backup JobId 33027, Job=MBX-PFSENSEMBX.2015-10-26_10.13.05_53 26-Oct 10:13 bacula-dir JobId 33027: Using Device "FileStorage" 26-Oct 10:13 bacula-fd JobId 33027: Fatal error: Authorization key rejected by Storage daemon. Please see http://www.bacula.org/en/rel-manual/Bacula_Freque_Asked_Questi.html#SECTION00260000000000000000 for help. 26-Oct 10:13 bacula-dir JobId 33027: Fatal error: Bad response to Storage command: wanted 2000 OK storage , got 2902 Bad storage' Did u get the same error message? Your fix is working? Thanks.
  • T

    Siproxd error

    1
    0 Votes
    1 Posts
    684 Views
    No one has replied
  • ivorI

    MOVED: Random crash after squid package update…

    Locked
    1
    0 Votes
    1 Posts
    574 Views
    No one has replied
  • B

    Installation problem : OpenVPN Client Export Utility

    7
    0 Votes
    7 Posts
    3k Views
    johnpozJ
    I have neither of those set and just use the resolver in pfsense for all my dns, both for pfsense itself and clients on my network..  And have no problems downloading packages..
  • C

    Radius stopped after pppoe change ip

    1
    0 Votes
    1 Posts
    579 Views
    No one has replied
  • A

    Failed to install packages (After upgrade Pfsense 2.2.4)

    14
    0 Votes
    14 Posts
    8k Views
    G
    Same problem here. After installing pfSense 2.2.4 "fresh" (on a Intel Core2Duo 2.5GHz white box with 1GByte RAM), the Package manager is not able to download the OpenVPN Client export utility in my case. Tried this and other packages over several days, the same result every time. Using the download links mentioned in any of the error messages in a browser, I can download all packages without a problem. An example link:  https://files.pfsense.org/packages/10/All/zip-3.0_1-amd64.pbi There is no proxy on my own network and the command TRACERT (Windows, sew me ;)) shows no apparent proxies or DNS problems either. My topology is a simple one: internet <<>> pfSense router <<>> unmanaged switch <<>> my computer The provided links point to *.pbi files only. Where can I find alternatives for manual installation? The titles of posts in the pfSense forum from sections 'OpenVPN' and 'Installation and Upgrades' do not look to cover the problem. However, that is the general inability of people to describe their problem concisely. A forum search using term "cannot download" resulted in this https://forum.pfsense.org/index.php?topic=100128.msg557921#msg557921, but that doesn't work either. *Edit: The solution mentioned at the link above is only half of the solution. There are 2 check boxes on the mentioned pfSense 2.2.4 configuration page. The first one needs to be off/disabled, the second one needs to be on/enabled. After I did that, I was able to install packages. The 1st checkbox in this case is called: Allow DNS server list to be overridden by DHCP/PPP on WAN The 2nd checkbox in this case is called: Do not use the DNS Forwarder or Resolver as a DNS server for the firewall [image: pfSense_question.jpg] [image: pfSense_question.jpg_thumb] [image: pfSense_questionb.jpg] [image: pfSense_questionb.jpg_thumb]
  • C

    MOVED: sarg not reporting

    Locked
    1
    0 Votes
    1 Posts
    634 Views
    No one has replied
  • A

    Postfix forwarder

    2
    0 Votes
    2 Posts
    855 Views
    D
    I'll shorten your dilemma: The package never worked on pfSense 2.2.x :)
  • GruensFroeschliG

    MOVED: Can't isntall SquidGuard

    Locked
    1
    0 Votes
    1 Posts
    616 Views
    No one has replied
  • B

    PfBlockerNG - cannot open up South Korea

    3
    0 Votes
    3 Posts
    980 Views
    BBcan177B
    @brasilnut: I had all of Asia blocked, and just recently try to open up (permit) South Korea. I opened it by: opened the Asia tab - then unselected "Korea, Republic of-KR" - then pressed Save After hitting "Save", follow that with a "Force Update" to get the changes to take effect. However, a "Force Reload" is better when you remove Lists or CCs… Also, don't block the Inbound unless you have open WAN ports. And if you have open WAN ports, then protect only those open ports. Also its better to permit the few countries that you want instead of trying to block the world... See the following two links: https://forum.pfsense.org/index.php?topic=86212.msg548324#msg548324 https://forum.pfsense.org/index.php?topic=86212.msg553921#msg553921
  • S

    Schedule with squidguard

    2
    0 Votes
    2 Posts
    873 Views
    N
    not sure if is a squid problem or an very old pfsense bug that keep connection established before the off interval. you can try an experiment and manual clear the firewall states for that IP and check if he still have access.
  • P

    FreeRadius2 Diffie-Hellman 2048 bit iOS9 OSX 10.11

    8
    0 Votes
    8 Posts
    2k Views
    N
    The miscalculated MPPE keys with TLS 1.2 issue has nothing to do with weak DH. The best solution for weak DH is to configure your cipher_list directive in FreeRADIUS to one of the following two. Where there is a desire to only support modern clients: "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+AES+SHA384:EECDH+aRSA+AES+SHA384:EECDH+ECDSA+AES+SHA256:EECDH+aRSA+AES+SHA256:EECDH+ECDSA+AES+SHA1:EECDH+aRSA+AES+SHA1:RSA+AES+SHA256:RSA+AES+SHA1" We can verify what this gives us via: openssl ciphers -v "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+AES+SHA384:EECDH+aRSA+AES+SHA384:EECDH+ECDSA+AES+SHA256:EECDH+aRSA+AES+SHA256:EECDH+ECDSA+AES+SHA1:EECDH+aRSA+AES+SHA1:RSA+AES+SHA256:RSA+AES+SHA1" And where there is a want/need for 3DES for compatibility for legacy clients (such as Windows XP), append RSA+3DES+SHA1 to the end of that string. This gives: "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+AES+SHA384:EECDH+aRSA+AES+SHA384:EECDH+ECDSA+AES+SHA256:EECDH+aRSA+AES+SHA256:EECDH+ECDSA+AES+SHA1:EECDH+aRSA+AES+SHA1:RSA+AES+SHA256:RSA+AES+SHA1:RSA+3DES+SHA1" Again, the resultant set of cipher suites can be seen via: openssl ciphers -v "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+AES+SHA384:EECDH+aRSA+AES+SHA384:EECDH+ECDSA+AES+SHA256:EECDH+aRSA+AES+SHA256:EECDH+ECDSA+AES+SHA1:EECDH+aRSA+AES+SHA1:RSA+AES+SHA256:RSA+AES+SHA1:RSA+3DES+SHA1"
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.