1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    J
    @ha11oga11o Your LAN DNS returns both pfSense and Nextcloud IPs, so clients bypass HAProxy. Add a host override in DNS Resolver for nextcloud.mydomain.xx pointing only to 192.168.1.1. Flush DNS, restart Unbound, and all local traffic will use HAProxy with the correct certificate.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    D
    @Gertjan Thanks a lot for your help. This really helped me: I'm not using "pfSense pfBlocker Web server logging" (DNSBL Webserver/VIP ) as the "you are blocked web page" only shows up when the end browser user visits http sites, something that doesn't exist anymore on the Internet. All sites are https these days, and https sites can be redirected to "another https web server" like the "pfSense pfBlocker Web server". With that hint I was able to resolve my issue by: Unchecking the Python Group Policy Enable checkbox for the DNSBL Webserver Configuration on the DNSBL tab in pfblockerng. Checking the Permit Firewall Rules Enable checkbox and selecting the appropriate interfaces for the DNSBL Configuration on the DNSBL tab in pfblockerng. Forced Update | All. It now appears that all the blocked domains are appearing on the Alerts tab in pfblockerng. I couldn't find that host name in the "/var/db/pfblockerng/dnsbl/Max_MS.txt" file - where does your "/var/db/pfblockerng/dnsbl/Crazy_Max_Extra.txt:" come from ? I get that DNSBL, and 2 others, from the original maintainer (https://github.com/crazy-max/WindowsSpyBlocker): https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt. I really appreciate your help!

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    92 Topics
    639 Posts
    E
    Updated CE 2.8.1 to 1.90.4. Looks like they are already working on .6 Freshports pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.4.pkg Changelog

  • Discussions about WireGuard

    713 Topics
    4k Posts
    M
    I have my wiregaurd up and running and can ping from firewall to devices on the vlan but cannot get clients to ping each other.
Log in to post
Load new posts
  • JonathanLeeJ

    Install an older pfSense package with "pkg add" and snort

    pkg downgrade packages
    3
    1
    0 Votes
    3 Posts
    939 Views
    JonathanLeeJ
    @bmeeks what's funny is the .11 version works perfectly for me on 23.05.01. I always thought it was my custom AppID stuff until you told me the real reason. I would love a new Netgate appliance that could utilize inline mode and get .SO rules. My wife won't let me until this one dies. I also can't get my 2100 to update to 23.09. But I secretly like ARM too
  • J

    HAProxy and openssl - the 'unrescue'

    1
    0 Votes
    1 Posts
    366 Views
    No one has replied
  • P

    2.6, wrong permissions on "/var/"

    Moved
    14
    0 Votes
    14 Posts
    2k Views
    jimpJ
    I opened https://redmine.pfsense.org/issues/15054 to fix up the permissions for /var RAM disks.
  • R

    Unable to check for updates pfsense 2.7.0

    5
    0 Votes
    5 Posts
    1k Views
    S
    @saidin Ok, I found out this thread. https://forum.netgate.com/topic/184195/upgrade-pfsense-ce-2-7-0-to-2-7-1 and applied the temporary fix described here https://docs.netgate.com/pfsense/en/latest/releases/2-7-1.html#troubleshooting, which is to apply certctl rehash Later, I confirmed that I am using my correct branch in System --> Update --> Update Settings and I was able to install the packages that I needed. Thanks
  • t0m77T

    LCDproc (Watchguard) broken in 2.7.0

    Locked Moved
    7
    0 Votes
    7 Posts
    1k Views
    jimpJ
    Yes, please start your own new thread. The original issue here is 100% confirmed to be resolved so if you are hitting something similar it has to be a different cause.
  • A

    Zenarmor

    10
    0 Votes
    10 Posts
    8k Views
    V
    @chatterbox It says on their website that pfSense+ support has been dropped, but CE is still available. https://www.zenarmor.com/docs/installing/installation#installing-on--pfsense-software
  • frogF

    Freeradius configuration and users lost after upgrade to 23.09

    Moved
    3
    0 Votes
    3 Posts
    612 Views
    F
    Discussed here: https://forum.netgate.com/topic/183065/upgrade-of-freeradius3-from-0-15-10-to-0-15-10_1-sets-all-configuration-values-to-default/7
  • jimpJ

    System Patches package version 2.2.8

    1
    8 Votes
    1 Posts
    532 Views
    No one has replied
  • L

    pfSense - mailreport - authentication failure

    5
    0 Votes
    5 Posts
    1k Views
    L
    @Gertjan Thank you for this clarification!
  • R

    Bind rpz only gives max TTL of 5 seconds

    2
    0 Votes
    2 Posts
    596 Views
    R
    Today I did set up another test BIND server under linux configured it from ground up. And result is exactly the same. So this problem is not pfsense related. Its something I do not understand in Bind...
  • bthovenB

    Got Crowdsec 0.0.4 installed on my pfSense (now upgraded to V0.1

    7
    2 Votes
    7 Posts
    2k Views
    M
    @SteveITS I agree in terms of the function. It seems to work with other tools like Suricata or pfBlocker but with similar functionality. I'm willing to give it a shot once its available officially tho. Could be interesting.
  • M

    Openvpn wrapped by stunnel

    1
    0 Votes
    1 Posts
    397 Views
    No one has replied
  • S

    Restore missing FreeRADIUS config

    10
    0 Votes
    10 Posts
    3k Views
    S
    @slu said in Restore missing FreeRADIUS config: same problem after the upgrade to 0.15.10_1 today Hmmm, rereading https://redmine.pfsense.org/issues/14806, if the issue happens on uninstall, that would always be the "old" package and therefore the issue is going to affect everyone until after they get on 0.15.10_1. :(
  • G

    Upgrade of FreeRadius3 from 0.15.10 to 0.15.10_1 sets all configuration values to default.

    Moved
    9
    0 Votes
    9 Posts
    2k Views
    F
    Oof, this wiped out my FreeRADIUS config as well. Did a full restore from a manual backup and a reboot. Thank goodness for backups. Can this FreeRADIUS security issue get some love? I deleted all my users (1 user for each phone, iPad, laptop, etc.) to test it, and they're all still able to connect. Using EAP-TLS. That checkbox basically does nothing. Thanks Check Client Certificate CN Validate the Client Certificate Common Name When enabled, the Common Name of the client certificate must match the username set in 'FreeRADIUS > Users'. (Default: Unchecked)
  • F

    User Authentication with FreeRadius and Active Directory - possible?

    2
    0 Votes
    2 Posts
    1k Views
    S
    Hi @FrankoniaDKB, did you find how to this? I'm trying the same, I want auth users on a Wireless Network but i can't make this work
  • I

    Interface does not appear while creating a Span port

    span interface securityonion sniffing bridge
    1
    2
    0 Votes
    1 Posts
    519 Views
    No one has replied
  • B

    "FreeRADIUS XMLRPC Sync" - Issue with Missing Certificates

    2
    0 Votes
    2 Posts
    729 Views
    V
    Hello. Please tell me, is there any plans to fix the bug in FreeRadius XMLRPC Sync in which certificate settings disappear on the recipient after synchronization? https://redmine.pfsense.org/issues/11802 more than two years have passed
  • C

    Wireguard - Logs

    5
    0 Votes
    5 Posts
    6k Views
    F
    @bigtfromaz Agreed. I'm also looking for a way to monitor logs, and potentially send out notifications on abnormal connections, eg. Connection from a previously unseen country, etc. So far the only remote solution would be: https://github.com/MindFlavor/prometheus_wireguard_exporter I don't feel like installing additional software on my router, but on the other hand, there doesn't seem to be a way to monitor these logs externally. Please let me know if you find anything interesting.
  • E

    Netgate pfSense Plus 23.05.1-RELEASE Repo Down

    6
    0 Votes
    6 Posts
    1k Views
    johnpozJ
    @eroji well you have from the gui some previous process running.. What you see via some browser and a url isn't always going to be what is going on in the background.. Kill off that old upgrade process, and try with the gui.. edit: I just fired up my 23.05.1 VM and installed package just fine [image: 1697823628547-works.jpg]
  • K

    Package Manager is not loading on PfSense+

    3
    0 Votes
    3 Posts
    644 Views
    K
    My problem was resolved by messaging one of the admins who work for Netgate. The issue was due to the fact I had to change out my 4 port NIC on my home built pfsense plus for a new one and it changed my NDI. Once I gave that to them and they updated it to the registered e-mail on file, the Available Packages came back. I hope this helps.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.