1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    H
    We installed haproxy on Netgate 8200 device 25.07.1-RELEASE (amd64) installed acme certificates and get certificate from letsencrypt, everything ok. checked ssl offload in frontend and selected the acme generated certificate under SSL Offloading. result after Apply Changes: Errors found while starting haproxy [NOTICE] (72045) : haproxy version is 2.9.14-7c591d5 [NOTICE] (72045) : path to executable is /usr/local/sbin/haproxy [ALERT] (72045) : config : Couldn't open the ca-file '/var/etc/haproxy_test/clientca_WAN_117.pem' (No such file or directory). [ALERT] (72045) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:15] : 'bind x.x.x.x:443' in section 'frontend' : 'ca-file' : unable to load /var/etc/haproxy_test/clientca_WAN_117.pem [ALERT] (72045) : config : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg [ALERT] (72045) : config : Fatal errors found in configuration. also package _devel has the same issue. on other boxes where haproxy was configured on 24.11 - upgraded to 25.07.1 its working. BUG ?? so what can we do now -bolded text we need this function. thank you all in advance

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    B
    @Greyhat I think it's useful to work with what we've got and figure something out for the (i hope) edge cases later. So for the JSON I figured you can actually use an existing suricata integration by co-opting their pipelines.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @dma_pf Debt collector, or debt relief service?

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @netboy said in Docker container for nut server?: I am NOT installing docker in pfsense - offcourse this is a big security risk - I agree !!! My apologies. I interpreted your earlier question I think i need to explain what i am asking for. I am fully aware if your netgate router is attached to an UPS you can configure netgate. Let us say you 5 UPS's in your home and you want nut server to read all the UPS's and show me a dasboard about the status of all the UPS's ? - Is there a ready made docker container for client server nut with dashboard functionality? as a request to have something running on pfSense, which is why I responded I believe most people would say that the type of thing you are asking for isn't something you want to run on your firewall. I recommend using a general purpose operating system behind the firewall instead. Mutual misunderstanding I guess. If you want to explore general NUT monitoring, and not something particular to pfSense, I would recommend the NUT Users list as a better place to seek information.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    92 Topics
    638 Posts
    L
    @Vad-B Interesting indeed! I just tried to fill the Pre-authentication Key with file:/dev/null. I get an crash in pfsense after some time, but when I login again is saved. For me this for after service restarts at least this solves it, including the issue with the routes not being advertised even set in the WebUI. Havent done an full restart of pfsense (yet)

  • Discussions about WireGuard

    711 Topics
    4k Posts
    D
    Hello, I’m wondering if it’s possible to have a private vpn wireguard server on pfsense and to also have a personal wireguard server such that friends can link to your pfsense network but also be under the private vpn, nordvpn for example. Is that possible to with routing?
Log in to post
Load new posts
  • S

    IMspector 20111108 pkg v 0.3.1

    1
    0 Votes
    1 Posts
    596 Views
    No one has replied
  • belleraB

    Squid3-devel installation fails

    4
    0 Votes
    4 Posts
    1k Views
    belleraB
    :-[ :-[ :-[ :-[ Now, after 15-20 times worked! Perhaps because I rebooted the machine before installing a new time? :) :) :) :)
  • bmeeksB

    Snort 2.9.5.6 pkg v3.0.4 Update – Release notes and change log

    75
    0 Votes
    75 Posts
    19k Views
    bmeeksB
    @Cino: think i found another bug. I have 2 sensors for my WAN, one for blocking and another just for alerting. I've disabled my alerting interface but it still is starting when the service/router is restarted. If I re-save the disabled sensor, it brings it down I think I know what the problem is and will fix it in the next release.  I have the new 2.9.6.0 package almost ready.  Thanks for the bug report. Bill
  • E

    Squid 3-dev + squidguard issue at restart

    1
    0 Votes
    1 Posts
    917 Views
    No one has replied
  • S

    Huge issue with squid reverse proxy

    1
    0 Votes
    1 Posts
    626 Views
    No one has replied
  • G

    Anxiety-inducing snort alert

    12
    0 Votes
    12 Posts
    4k Views
    C
    Generally speaking, the shellcode signatures tend to trigger a lot of false positives on many networks, so I'd take that one less seriously than the malicious user agent, which is less likely to be a false positive (though certainly not impossible).
  • C

    Packages moved to their own server and HTTPS

    3
    0 Votes
    3 Posts
    1k Views
    C
    v1.2.3 packages are no longer supported, that's almost a 5 year old release now, and 6 releases behind current within a few days when 2.1.1 is released. There isn't any reason you can't upgrade them. That said, ones that worked a couple weeks ago should still work now. We're not intentionally breaking them (yet), but some are broken because they now require PHP 5. My first guess is maybe something about those systems is preventing them from fetching files via HTTPS. Go to a command prompt and run: fetch https://packages.pfsense.org/packages/config/filer/filer.xml see if that succeeds. If not, try: fetch http://packages.pfsense.org/packages/config/filer/filer.xml
  • M

    Understanding Squidguard logs and unblocking something

    8
    0 Votes
    8 Posts
    2k Views
    M
    I'm surprised I haven't had many responses yet. Is this because so few people use squid proxy? So, in an effort to be proactive I took a packet capture of the 10-15 seconds when my son is logging into the game that seems to have a problem with squid proxy. There are two public ip addresses involved in that transaction, but I don't really know what to do with that information. I'm willing to gather additional data if there is someone out there who would be willing to help. I realize my issue is not life or death, but I truly want to learn about squid transparent proxy and this is hindering my progress. I think it's safe to say I'm being patient. Anyone, please??
  • BBcan177B

    PfBlocker IP Count

    3
    0 Votes
    3 Posts
    1k Views
    BBcan177B
    I already moved four of the large Blacklists to a cron job running a bash script, mapped pfBlocker to a local .txt file which does that process as you so eloquently described. Shrunk the list by 50% already. I use a remote syslog (ELSA) and it would be nice to have the pfSense syslogs incorporate the Rule that Blocked/Rejected/Passed the event. I heard this might be fixed in 2.2? Also having a "hit count" would help this process. I have spent alot of time on the Blacklists. Different locations get hit with different attacks. Various lists help to protect different aspects of the network. If I had more PHP knowledge I would attempt to write some code to add some more functionality to pfBlocker. Convert /32 to /24 as an option per list Deduping based on Primary lists taking precedence Hit Count Log showing completion of list updates Previous IP count, post update IP count .csv and other file format download options (I Fixed that temporarily with a bash Script)
  • D

    Snort adds hosts to blocklist but not blocking traffic

    3
    0 Votes
    3 Posts
    2k Views
    bmeeksB
    @DmitriyTitov: Hello! I'm new to pfSense and snort and I got a task to block P2P traffic. I've installed snort package, downloaded rules and enabled snort-p2p and emerging-p2p rules. I've enabled snort on LAN interface and checked "Block Offenders" and left block "Both" IP addresses. Also I've disabled all "Decoder" and "Preprocessor" rules because I've had IMAP related alerts and don't want to block hosts based on these rules. I've started uTorrent BitTorrent client on my workstation and I nstantly had a lot of records at "Alerts" and "Blocked" tab,  but I see that my uTorrent still downloads traffic from the peer that is added to blocked! So I have visualy working instant of snort, but it doesn't actualy block traffic. Where to search for answer? Thanks in advance! Another thing to consider, the automatic "default" whitelist for Snort includes all locally attached networks.  This means, for instance, that your LAN IP addresses will not get blocked even when they generate an alert.  Now if they go out to an external host, that external host should get blocked.  To ensure this happens, though, you must click the KILL STATE checkbox on the Interface Settings tab for the interface running Snort.  Otherwise the initial packet will establish "state" for the connection and all further traffic for that session bypasses the firewall.  So even though Snort might insert a block, if an entry for the session is in the state table, traffic will continue to flow around the block via the open state table entry.  Killing state when inserting a block is how Snort can get around this.  But killing state is a manual choice of the user. Bill
  • U

    Sarg not displaying reports

    3
    0 Votes
    3 Posts
    1k Views
    U
    So finally i was able to generate the reports . the problem was on configuration …. If someone else has the same problem with me ... On the general tab select only the American or European format . DO NOT SELECT the weekly On the schedule tab You can use the below args … TODAY -d date +%d/%m/%Y YESTERDAY -d date -v-1d +%d/%m/%Y WEEK AGO -d date -v-1w +%d/%m/%Y-date -v-1d +%d/%m/%Y MONTH AGO -d date -v-1m +01/%m/%Y-date -v-1m +31/%m/%Y
  • K

    TinyDNS (dns-server) package creating incorrect NS records

    1
    0 Votes
    1 Posts
    968 Views
    No one has replied
  • L

    SQUID+HAVP causes frequent disconnects/reconnects for Outlook (office365)

    2
    0 Votes
    2 Posts
    2k Views
    G
    Hi, I have the same setup and facing similar issue as Lemb. I've also added the list of IP's and URL's of office 365 provided by Microsoft (http://blogs.technet.com/b/neiljohn/archive/2012/01/26/office-365-proxy-server-exclusion-list-office-365-service-url-s.aspx) to whitelist of HAVP Antivirus, still facing the same issue. Outlook looses connectivity to Exchange server and reconnects very frequently. If HAVP is uninstalled, everything  works fine. And Lemb, as I noticed you've posted this issue in December 2013. It's been 3 months that you've faced this issue, have you been able to find a solution or workaround for this issue? Please help. Thanks & Regards, Gautham B
  • Q

    Squid3 w/ SquidGuard3 Transparent Mode

    3
    0 Votes
    3 Posts
    1k Views
    Q
    @loupalladino: What is logged in access.log and squidGuard.log when you make the attempt with transparent enabled? Hi loupalladino, Thanks for the response. Sorry for the delay. I tried checking the logs under: /var/squid/logs /var/squidGuard/log but I do not see any errors in either. Under access.log I do see the requests I've made. Also note I tried removing all squid. Even when under pkg_delete and removed anything left behind. Re installed just Squid3 and turned on transparent mode and the problem still exists… Thoughts? Thanks
  • S

    Squid3-dev update

    11
    0 Votes
    11 Posts
    3k Views
    belleraB
    @marcelloc: Some forum users reported that squidguard3 is not working with squid3-dev. I did not had time to test it because I do not use squidguard. Working… https://forum.pfsense.org/index.php?topic=73640.msg402286#msg402286 https://forum.pfsense.org/index.php?topic=73740.0 (Spanish Forum)
  • M

    Adding rules through putty

    3
    0 Votes
    3 Posts
    1k Views
    BBcan177B
    Do not edit rules from the Command Line. You can severely break pfSense if you make a mistake. All Snort Rule changes should be made from the Web GUI. (Change the WAN to LAN depending what you are trying to achieve) Step 1- Snort:WAN Interface EDIT:WAN Categories and make sure that ET Policy has a checkbox. If not select and restart the interface. Step 2- Snort:WAN Interface EDIT:WAN Rules (Select ET Policy Category) CTRL-F (search for dropbox to enable the rules that are already defined) And enable/disable the rules this way. If you want to create a local rule, you would enter the rule Snort:WAN Interface EDIT:WAN Rules - Custom.rules
  • S

    HTTPS - Redirection with HAProxy

    4
    0 Votes
    4 Posts
    2k Views
    P
    for https you either need to use mode 'TCP' or use haproxy-devel package and use mode 'https' or use 'http' with ssl offloading and configure certificates on pfSense. Only the haproxy-devel package has the more advanced ssl options.
  • M

    Squid3-dev clamav test

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • S

    Pfsense squid proxy, two times of refresh than it works

    2
    0 Votes
    2 Posts
    850 Views
    S
    the solution is to go to pfsense gui -> services -> proxy server -> general and set the "Resolv dns v4 first" checkbox
  • S

    Squid3-dev service failing to start.

    2
    0 Votes
    2 Posts
    1k Views
    marcellocM
    fetch missing libs. i386 help thread https://forum.pfsense.org/index.php?topic=62256.msg373791#msg373791
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.