1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    H
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too: @ha11oga11o if you resolve nextcloud.mydomain.xx to your external IP, ie the same one public people do then it would be handled by your haproxy. Example I have ssl offloading for external users for the public fqdn something.mydomain.tld - this resolves externally to my public IP that hits pfsense wan, this also resolves to my public IP when on my local network, so again haproxy handles the ssl, etc. But if I wanted or needed to access that directly on my local lan then I use its name.home.arpa:port that the service is on that doesn't do ssl, etc. What is the point of using the same fqdn internally and externally? What do you think that gets you other than issues? On this case problem is that phone nextcloud client hangs when switching out and in. Simply cannot be used when inside LAN. Well, it can be used either out or in. But to switch it it needs to be totally reset and sync. It remember which connection is allowed, at which cert. And sticks on that. Basically its useless until i sort this out to behave exactly same out and in. I cant believe no one had similar issue at home lab self hosted?? Im sure someone had need to do things like this? Thank you again.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    C
    Hi folks, Whenever I try to access a DNSBL blocked root domain it shows the block page but the moment it gets into a subfolder or file in the domain it only shows 1x1 px page. Meaning http://detectportal.firefox.com/ redirects to the DNSBL blockpage with the blocked domain info "This website detectportal.firefox.com has been blocked by the Network Administrator!" but if I try http://detectportal.firefox.com/canonical.html http://detectportal.firefox.com/success.txt http://detectportal.firefox.com/justatest it only shows 1x1pixel Is this by design? Is there anything I can do to make the rest of the pages show the alert? Regards

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    92 Topics
    639 Posts
    E
    Updated CE 2.8.1 to 1.90.4. Looks like they are already working on .6 Freshports pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.4.pkg Changelog

  • Discussions about WireGuard

    714 Topics
    4k Posts
    R
    I was on PfSense version 23.xx (don't recall the xx) and was able to start the Wireguard service. I upgraded to the 25.11 beta version and now the Wireguard service will not even start. I am on Wireguard version 2.1, and I see that there are versions that go up to 2.9. How do I upgrade to a later version? The only version in the pfSense updater is 2.1. Thank you
Log in to post
Load new posts
  • S

    PFSense 2.0

    1
    0 Votes
    1 Posts
    571 Views
    No one has replied
  • D

    OpenVPN Client Export Utility - Revoked Certificates

    2
    0 Votes
    2 Posts
    936 Views
    jimpJ
    Not easily, no. It could maybe be added to the export package in the future, but it does not currently exist. After revoking the certificate you could save a copy locally and then remove it from the list of certificates if you wish to stop it from being used again.
  • D

    How to configure SARG

    2
    0 Votes
    2 Posts
    965 Views
    D
    Having the same issue before but now it's giving me the report that I've set. Try Forcing Schudule, and Save. [image: pf_force_sched.JPG] [image: pf_force_sched.JPG_thumb]
  • D

    Trying to delete Lightsquid

    6
    0 Votes
    6 Posts
    2k Views
    KOMK
    You're aware that you can export your entire configuration, reinstall pfSense and then reimport your config?  Diagnostics - Backup/Restore.
  • S

    Suricata keeps getting disabled

    4
    0 Votes
    4 Posts
    3k Views
    Z
    It's happening to me to so I am leaving it disabled until the update comes out. I check daily for a package update.
  • A

    Enforce use of squid proxy in non-transparent mode?

    7
    0 Votes
    7 Posts
    6k Views
    A
    Strange, I didn't notice your response until just now. I had already found that option by that time however. Yes, it is on the diagnostics menu. I'm still having an issue getting this working, however. I am going to start a new thread for that, however.
  • S

    [SOLVED] Squid Proxy for Transparent Caching of HTTP and HTTPS

    3
    0 Votes
    3 Posts
    2k Views
    KOMK
    To do HTTPS with a transparent proxy, you will have to install a certificate on every client computer, so you end up touching all your clients anyway.
  • V

    Squid - Help on proxy authentication

    2
    0 Votes
    2 Posts
    731 Views
    V
    Anyone?
  • H

    Packes and backup pfsense server - newbie question

    2
    0 Votes
    2 Posts
    645 Views
    ?
    You need to install every package you installed on the master, on the slave as well. And reconfigure it from scratch if that package does not offer syncing its settings to the slave (some packages do, most do not). It's not as difficult as it sounds, it's a do it once and forget it process.
  • D

    Squid 3: HTTPS and Multiserver

    1
    0 Votes
    1 Posts
    540 Views
    No one has replied
  • R

    SquidGuard 1.4_4 pkg v.1.9.5 not running

    4
    0 Votes
    4 Posts
    1k Views
    T
    SquidGuard is started by Squid itself via the "Squid.conf". First you download a blacklist on the (Blacklist) page. (use shallalist for example) (during the update log it must read "found xx items", those are the subjects you can block from that list) Select the stuff you want to block and allow (Common ACL). (default access = allow) Pressing save and then apply in the main Squidguard (proxy filter) page will save the settings into "Squid.conf".
  • K

    Squid Video Cache ?

    1
    0 Votes
    1 Posts
    667 Views
    No one has replied
  • S

    Squid3 logs stopped since 2.1.5 update

    1
    0 Votes
    1 Posts
    676 Views
    No one has replied
  • J

    Squid3-dev not working

    12
    0 Votes
    12 Posts
    2k Views
    J
    Got it… in squid had to add a few custom opcions... like this: acl LAN1 src 192.168.1.0/24;tcp_outgoing_address 164.67.234.231 LAN1; All working now. Thanks.
  • E

    Squid error with gui and acl localnet

    2
    0 Votes
    2 Posts
    1k Views
    E
    I have narrowed it down to my openvpn interface (OPT) being enabled in the gui as a transparent interface, giving the weird address.
  • B

    Minor update to varnish package

    1
    0 Votes
    1 Posts
    648 Views
    No one has replied
  • T

    Gateway down alert via email

    5
    0 Votes
    5 Posts
    6k Views
    D
    My fault  :-[ It only works when you have gateway groups activated for loadbalancing or failover…
  • H

    Openvpn Client Export not reinstalling/uninstalling.. stuck on deinstall

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    Is there any error message shown on the page at all? It sounds like maybe the package .inc file has gone missing. From the shell or diag > command in the shell exec box, try this: fetch -o /usr/local/pkg/ https://packages.pfsense.org/packages/config/openvpn-client-export/openvpn-client-export.inc Then uninstall again.
  • D

    Squid - Upstream (remote cache) proxy issues

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • N

    Squid Logging on remote logging server or remote DB

    1
    0 Votes
    1 Posts
    501 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.