1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too: Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or atleast something different than the public domain your using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud. This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @netboy said in is something wrong with pfBlockerNG?: After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far i have no issues. Terrible idea. Moving backwards in development history there.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    644 Posts
    C
    @elvisimprsntr Thank you. I would not be surprised if I ended up with a lengthy solution that works but needs significant improvement. I am using a Netgate 6100 with pfSense+, starting with version 24.x. I had updated Tailscale without trouble per this discussion by using pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-x.y.z.pkg. This worked until pfSense+ version 25.0.07 (FreeBSD 15-CURRENT) and Tailscale upgrade 1.88.3. After several attempts and web searches, I was only able to install that upgrade by using: fetch https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.88.3.pkg, and then IGNORE_OSVERSION=yes pkg-static add -f tailscale-1.88.3.pkg. Then, I could not restart Tailscale, no matter what I tried, including the sequence: service tailscaled stop, tailscale logout, service tailscaled start, and then tailscale up.

  • Discussions about WireGuard

    714 Topics
    4k Posts
    L
    @subhan2k said in [Guide] Setup a wireguard tunnel to VPN provider (multiple VPN tunnel setup): I tried following your guide to set up the Surfshark WireGuard server configuration in pfSense as default gateway, but I got stuck at the static routes step. In my case, the endpoint isn’t a numeric IP — it’s listed as us-bna.prod.surfshark.com. How should I add this to the static routes? In my configuration: Endpoint: us-bna.prod.surfshark.com Address: 10.14.0.2/16 So what exactly should I enter in the static routes? after switching the default gateway from WAN_DHCP to the WireGuard VPN my Interent doesn't work so adding static routes is mandotary (Im using inside vmware) nslookup us-bna.prod.surfshark.com Server: 127.0.0.53 Address: 127.0.0.53#53 Non-authoritative answer: Name: us-bna.prod.surfshark.com Address: 82.26.162.48 Name: us-bna.prod.surfshark.com Address: 82.26.162.53 That should do it Just take 1 of the 2. And in general, don't use domain names but only IP. Before you start, choose 1 of the 2 IPs and use it for the whole process
Log in to post
Load new posts
  • iftvioI

    haproxy (v0.61_9) generates a PHP error when a HAProxy Frontend is set to use a SSL Offloading Certificate that has multiple Common Names

    8
    0 Votes
    8 Posts
    3k Views
    S
    @iftvio Hello! The propriety of multiple CNs in a cert notwithstanding, and not knowing exactly which version you are running or the intent of the original design goals with regards to handling multiple CNs, a quick code review of your suggested fix would indicate that it may not work in all situations. Among the possible issues: $is_wildcard will be set based on the last CN checked in the array. str_replace will return an array when the subject ($cert_cn) parameter is an array, which will cause subsequent calls to substr that reference $cert_cn_regex to fail. A quick hack might be to simply set $cert_cn to the first/last CN in the array, when present. Of course, any code changes should be fully unit tested. John
  • L

    This topic is deleted!

    2
    1
    0 Votes
    2 Posts
    245 Views
  • H

    HTTPS Custom Error page in Squid Pfsense

    squidguard pfsense 2.6 squidproxy squid
    1
    0 Votes
    1 Posts
    768 Views
    No one has replied
  • H

    Telegraf PHP Error on Pfsense 23.01 RELEASE

    1
    0 Votes
    1 Posts
    512 Views
    No one has replied
  • J

    FreeRADIUS - LDAP: Use ldaps:// in address field

    1
    0 Votes
    1 Posts
    686 Views
    No one has replied
  • C

    Snort Alert Pass List

    9
    0 Votes
    9 Posts
    2k Views
    C
    Thanks steve! I'll check them out!
  • D

    Configure FreeRadius & multiples ssids <> users

    12
    0 Votes
    12 Posts
    3k Views
    D
    @nogbadthebad For information, here is the right syntax : Called-Station-Id =~ '.*:ssid_name' or in case you want to catch the complete value (ie > "mac:ssid") : Called-Station-Id == "aa-bb-cc-dd-ee-ff:ssid_name" -> Now, user is connecting ONLY to one ssid. Thanks a lot for helping me to fix this setup
  • G

    FreeRadius stopped working

    9
    0 Votes
    9 Posts
    2k Views
    G
    @giyahban Strange thing happened when I changed every 127.0.0.1 ip to lan ip now its working! it would be nice to understand what was causing the problem!
  • Y

    Unable to retrieve package information

    1
    0 Votes
    1 Posts
    522 Views
    No one has replied
  • D

    No available packages

    2
    2
    0 Votes
    2 Posts
    918 Views
    P
    Hi Dominik there is already a redmine ticket and other threads dealing this issue https://forum.netgate.com/topic/178822/no-available-packages
  • K

    Help with HAProxy and Docker

    2
    0 Votes
    2 Posts
    914 Views
    K
    @konjugatix allright, ive done a factory reset and switched my dyndns provider, this one messed up and gave my domain the wrong ip. Now ive got my domain set up with the correct ip and have started again. To this day, i have opened ports 80&443 on my appliance, though when i do a nmap on the IP/domain from outside the network(s), only port 80 is open, does anyone have had a similar issue? I made a simple rule WAN->Tis firewall (Self) with tcp on 80 and the same for 443 in a separate rule.
  • J

    Upgrade 22.05 to 23.01 fails on FreeRADIUS XMLRPC Sync

    Moved
    3
    0 Votes
    3 Posts
    897 Views
    J
    The filed bug gave a good hint about not having an empty HA-Sync configuration under 'System'. I've put a username and password in that configuration to make sure it's not empty. This results in a working upgrade, and working Freeradius after upgrade. XMLRPC also works fine after the upgrade.
  • C

    Using avahi to resolve hosts

    8
    0 Votes
    8 Posts
    2k Views
    johnpozJ
    @dennypage avahi just doesn't work - there are multiple steps required to get it working with firewall rules, and all that would be would be discovery. It wouldn't allow access.. its mdns..
  • G

    pfsense 2.6 has no working speedtest-cli

    6
    0 Votes
    6 Posts
    2k Views
    G
    @johnpoz yup, that was it. I haven't installled a router in a while with pfsense and I guess I completely forgot about the need to rehash? But I installed screen and vim no problem. Some packages need a rehash and some do not? Thank you all for your comments
  • H

    Error install zabbix-agent62-1.0.5

    10
    1
    1 Votes
    10 Posts
    3k Views
    E
    @hugo-santos Hah, that's not much of a fix but I'm glad you're all set :-)
  • E

    Installing Zabbix 6.2 agent on CE 2.6.0 doesn't work

    1
    0 Votes
    1 Posts
    436 Views
    No one has replied
  • A

    Have any friend know axiomtek na592 use what lcdproc driver?

    2
    0 Votes
    2 Posts
    725 Views
    A
    I find is use AX93304 this lcd.What is this driver use?
  • A

    SMTP server on pfSense.

    Locked
    27
    0 Votes
    27 Posts
    7k Views
    jimpJ
    @apetrenko said in SMTP server on pfSense.: Question to netgate: why are you so interested to prevent me to use smtp relay on pfSense box? You have no obligation, I'm using the "community edition". Everything on my responsibility. Why are you so much stirred up against my solution? Because this is a security product and e-mail services have a long history of being a gigantic attack surface full of holes and bringing more risk than anyone sane would want to take on. Most other add-on services are either only still around because they're entrenched (and hard to get people to stop using) or because the risk is relatively low by comparison. If you want to do it, you're on your own. That kind of service does not belong on a firewall. EOT. Locking.
  • B

    rsync installation

    9
    0 Votes
    9 Posts
    1k Views
    fireodoF
    @viragomann said in rsync installation: pfBlockerNG is even mandatory on pfSense.
  • T

    FreeRADIUS maximum daily usage issue

    1
    1
    0 Votes
    1 Posts
    474 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.