1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    KOMK
    @jucelio_rosa Squid runs on 2.8.1 but there was a library bug IIRC. If you manually start squid then check the system log, do you see this error? The command '/usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was 'ld-elf.so.1: /usr/local/sbin/squid: Undefined symbol "_ZTVNSt3__117bad_function_callE"'

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    N
    @Gertjan said in is something wrong with pfBlockerNG?: "is something wrong with my pfBlockerNG?". First off, thanks for the detail reply. After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far i have no issues. I understand what you are saying & hinting "maybe something is wrong with my settings" - my response is this: Everything was working before i upgraded the pfsense software to " 25.07.1-RELEASE (arm64)" -- Before the update my DNSBL Mode was set as "unbound python mode" and everything worked. Here is my "inference" - something broke in pfBlockerNG after the upgrade and I cannot 100% point to what that setting (my) is? I will observe for some days how this change in DNSBL mode works out and report the findings.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    642 Posts
    C
    For pfSense+ Version 25.0.7 FreeBSD 15.0-CURRENT: I had a recent issue after upgrading Tailscale to 1.90.4 and afterwards rebooting pfSense. Tailscale would not authenticate. After researching, I found a solution and a suggested workflow for future upgrades. First, I was able to get Tailscale to re-authenticate by executing the following commands (Tailscale Service was offline after the reboot): service tailscaled stop tailscale logout sysrc tailscaled_enable="YES" service tailscaled start tailscale up So that you know, here is the AI-generated one-liner for future upgrades on 25.x FreeBSD 15.0-CURRENT systems. I will test with the next available upgrade package: "service tailscaled stop && tailscale logout || true && fetch https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-X.Y.Z.pkg || exit 1 && IGNORE_OSVERSION=yes pkg-static add -f tailscale-X.Y.Z.pkg && rm -f tailscale-X.Y.Z.pkg && sysrc tailscaled_enable="YES" && service tailscaled start && tailscale up && tailscale version && tailscale status"

  • Discussions about WireGuard

    714 Topics
    4k Posts
    R
    I was on PfSense version 23.xx (don't recall the xx) and was able to start the Wireguard service. I upgraded to the 25.11 beta version and now the Wireguard service will not even start. I am on Wireguard version 2.1, and I see that there are versions that go up to 2.9. How do I upgrade to a later version? The only version in the pfSense updater is 2.1. Thank you
Log in to post
Load new posts
  • B

    udpbroadcastrelay wont start

    Moved
    3
    0 Votes
    3 Posts
    747 Views
    B
    @stephenw10 thanks for your answer. looks like you have to configure a forward to be able to start the service, thanks
  • S

    No available packges (2)

    Moved
    9
    0 Votes
    9 Posts
    1k Views
    S
    @Dobby_ this one actually works. thank you so much for your help!
  • D

    Block layer 7 on websites

    13
    0 Votes
    13 Posts
    2k Views
    M
    @ammar177 Using pfBlockerNG. Create an alias of ASNs you want to block (netflix,hulu,peacock,etc..). Apply that alias to the IPs that should be blocked. There isnt a clean way to block streaming sites on pfsense. Snort openapp.id rules have not been updated in some time (over 5 years) so they will not account for the latest streaming sites. You will need to write your own rules for that. If you are looking to block streaming media sites on a phone its probably best to point that client to openDNS or NextDNS where you can do category-based blocking and not use pfSense for DNS. That's the best recommendation i can give.
  • M

    Freeradius not taking new ACME certificate

    18
    2
    0 Votes
    18 Posts
    2k Views
    A
    There’s nothing more expensive about providing a wildcard. But, if they were the same price nobody would buy a single domain certificate, because it would be simpler and as cheap to buy the wildcard. People who provide certificates have invested time and money to be in that club. Therefore they want to get back as much as they can from selling them. People are willing to pay more for wildcards so they are charged more. It’s just ordinary economics.
  • M

    node_exporter failing uname collector

    1
    4
    0 Votes
    1 Posts
    273 Views
    No one has replied
  • B

    FreeRADIUS config file exposure/preservation feature request

    1
    0 Votes
    1 Posts
    382 Views
    No one has replied
  • B

    radsecproxy package

    1
    0 Votes
    1 Posts
    257 Views
    No one has replied
  • R

    Enabling/disabling interfaces creates issues for ntopng

    1
    0 Votes
    1 Posts
    268 Views
    No one has replied
  • jimpJ

    System Patches package version 2.2.4

    1
    10 Votes
    1 Posts
    609 Views
    No one has replied
  • S

    Should I uninstall a patch before/after an upgrade?

    Moved
    5
    0 Votes
    5 Posts
    1k Views
    jimpJ
    If you added a patch manually and that fix is included in the new release, then just delete the entry from the package without touching it. If you revert a patch after upgrading you undo the fix and put back the bad code. Manual patch entries are never automatically removed. Only the "recommended" list changes automatically by version.
  • K

    pkg repository update fall

    1
    1
    0 Votes
    1 Posts
    453 Views
    No one has replied
  • O

    lcdproc crystalfontz problem

    11
    1
    0 Votes
    11 Posts
    2k Views
    Dobby_D
    @fireodo said in lcdproc crystalfontz problem: @Dobby_ said in lcdproc crystalfontz problem: Thank you very much indeed, would be one of my next options (project) to enrich my small APU´s. If you like to look here too: https://lcdstore.de/CF635TMFKU Cool after installing the Power and reset button in/on the APU I would assume that could be the next "project" or perhaps later if the Bluetooth serial port is ready installed.
  • F

    [Solved] pfSense-pkg-System_Patches reinstallation failed!

    8
    1
    0 Votes
    8 Posts
    2k Views
    F
    @SteveITS said in [Solved] pfSense-pkg-System_Patches reinstallation failed!: @furom They’re working on something. There’s an open redmine from a couple years ago but I don’t have the URL handy. At least it blocks it now. Per my sig it was… worse. That is great. And fully agree, this is much to prefer over ruining your system, no doubt at all so with some more insight, only grateful it (as usual with pfSense) turned out well :)
  • F

    Several vulnerable packages without update

    16
    2
    0 Votes
    16 Posts
    2k Views
    Dobby_D
    @fadinzr [23.05-RELEASE][root@xx xx xx]/root: pkg audit -F vulnxml file up-to-date libxml2-2.10.3_1 is vulnerable: libxml2 -- multiple vulnerabilities CVE: CVE-2023-29469 CVE: CVE-2023-28484 WWW: https://vuxml.FreeBSD.org/freebsd/0bd7f07b-dc22-11ed-bf28-589cfc0f81b0.html curl-8.0.1 is vulnerable: curl -- multiple vulnerabilities CVE: CVE-2023-28322 CVE: CVE-2023-28321 CVE: CVE-2023-28320 CVE: CVE-2023-28319 WWW: https://vuxml.FreeBSD.org/freebsd/a4f8bb03-f52f-11ed-9859-080027083a05.html py39-setuptools-63.1.0 is vulnerable: py39-setuptools -- denial of service vulnerability CVE: CVE-2022-40897 WWW: https://vuxml.FreeBSD.org/freebsd/1b38aec4-4149-4c7d-851c-3c4de3a1fbd0.html redis-7.0.10 is vulnerable: redis -- HINCRBYFLOAT can be used to crash a redis-server process CVE: CVE-2023-28856 WWW: https://vuxml.FreeBSD.org/freebsd/96b2d4db-ddd2-11ed-b6ea-080027f5fec9.html 4 problem(s) in 4 installed package(s) found. [image: 1685297038850-27latest.jpg] [image: 1685297038896-27latestpkg.jpg]
  • S

    Minor UI bug in udpbroadcastrelay

    1
    0 Votes
    1 Posts
    397 Views
    No one has replied
  • T

    Package Upgrades via CLI

    4
    0 Votes
    4 Posts
    875 Views
    JonathanLeeJ
    Pkg update Pkg clean Clean gets rid of old versions no longer needed
  • T

    system_patches update question

    Moved
    12
    0 Votes
    12 Posts
    2k Views
    RobbieTTR
    @jimp Looks fine to me now [running 23.05]. A few minutes ago: [image: 1685104895736-2023-05-26-at-13.39.19.png] Now: [image: 1685104911689-2023-05-26-at-13.40.17.png] ️
  • provelsP

    After upgrade to 23.05 RELEASE, Syslog-NG won't start

    16
    0 Votes
    16 Posts
    3k Views
    provelsP
    @jimp Yes, great work as always. All it takes is another one of us mooks to run your code and it's, "Oh, yeah, that..."!
  • G

    RRDSummary not working after upgrade to 23.05

    5
    1
    0 Votes
    5 Posts
    836 Views
    G
    I confirm the RRD_Summary 2.1 update fixes the issue. Thanks!!
  • D

    Service Watchdog Race Condition Possible?

    2
    0 Votes
    2 Posts
    506 Views
    jimpJ
    The service watchdog package is not smart. It only knows to run on a timer from cron, and it only knows to see if a process is running or not. So yes, race conditions are easily possible. Not just at boot but also during any deliberate stop/restart of a service, package ugprades, etc.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.