1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    H
    We installed haproxy on Netgate 8200 device 25.07.1-RELEASE (amd64) installed acme certificates and get certificate from letsencrypt, everything ok. checked ssl offload in frontend and selected the acme generated certificate under SSL Offloading. result after Apply Changes: Errors found while starting haproxy [NOTICE] (72045) : haproxy version is 2.9.14-7c591d5 [NOTICE] (72045) : path to executable is /usr/local/sbin/haproxy [ALERT] (72045) : config : Couldn't open the ca-file '/var/etc/haproxy_test/clientca_WAN_117.pem' (No such file or directory). [ALERT] (72045) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:15] : 'bind x.x.x.x:443' in section 'frontend' : 'ca-file' : unable to load /var/etc/haproxy_test/clientca_WAN_117.pem [ALERT] (72045) : config : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg [ALERT] (72045) : config : Fatal errors found in configuration. also package _devel has the same issue. on other boxes where haproxy was configured on 24.11 - upgraded to 25.07.1 its working. BUG ?? so what can we do now -bolded text we need this function. thank you all in advance

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    B
    @Greyhat I think it's useful to work with what we've got and figure something out for the (i hope) edge cases later. So for the JSON I figured you can actually use an existing suricata integration by co-opting their pipelines.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    N
    @netboy Most probaly a configuration regression. You really need to dig deeper. From which pf version did you upgrade? Have you tried removing and reinstalling pfblockerng? Looking to the moon for craters with naked eye doesn't show the one that the crashed spaceship created. Use a telescope instead. FWIW, I see quite a few pfblockerng instances on 25.07.1 running with no (apparent) issues τοο

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    F
    Hi, I did a test to see if my UPS is working properly. I could see that it wasn't :-( The UPS cuts the power very quickly (about 1 minute), which means, for example, my NAS doesn't have time to shut down properly. My setup was working before. I updated pfSense. The problem might be coming from there. UPS Detail Variable Value battery.charge 100 battery.charge.low 20 battery.runtime 1417 battery.type PbAc device.mfr EATON device.model Ellipse PRO 650 device.serial P354L18GBN device.type ups driver.debug 0 driver.flag.allow_killpower 0 driver.flag.ignorelb enabled driver.name usbhid-ups driver.parameter.override.ups.delay.shutdown 90 driver.parameter.pollfreq 30 driver.parameter.pollinterval 2 driver.parameter.port auto driver.parameter.synchronous auto driver.state updateinfo driver.version 2.8.2 driver.version.data MGE HID 1.46 driver.version.internal 0.53 driver.version.usb libusb-1.0.0 (API: 0x1000102) input.frequency 50.0 input.transfer.high 285 input.transfer.low 165 input.voltage 229.0 input.voltage.extended no outlet.1.desc PowerShare Outlet 1 outlet.1.id 2 outlet.1.status on outlet.1.switchable no outlet.2.desc PowerShare Outlet 2 outlet.2.id 3 outlet.2.status on outlet.2.switchable no outlet.desc Main Outlet outlet.id 1 outlet.switchable no output.frequency 50.0 output.frequency.nominal 50 output.voltage 230.0 output.voltage.nominal 230 ups.beeper.status enabled ups.delay.shutdown 90 ups.delay.start 30 ups.firmware 01.16.0020 ups.load 19 ups.mfr EATON ups.model Ellipse PRO 650 ups.power 114 ups.power.nominal 650 ups.productid ffff ups.realpower 76 ups.serial P354L18GBN ups.status OL ups.timer.shutdown -1 ups.timer.start -1 ups.vendorid 0463 Extra Arguments to driver ignorelb override.ups.delay.shutdown = 90 Do you have an idea ? Sorry I'm newbie Thanks.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    92 Topics
    639 Posts
    E
    Updated CE 2.8.1 to 1.90.4. Looks like they are already working on .6 Freshports pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.4.pkg Changelog

  • Discussions about WireGuard

    712 Topics
    4k Posts
    D
    I feel like I’ve followed every guide there was. I was able to get nordvpn via wireguard on my pfsense but for the life of me I can’t get my own wireguard server working. I can’t even get a handshake. I have all the firewall rules mentioned, the gateway, interfaces. Etc. I got no clue what to do at this point. Can anyone please help? I’ll provide any information required I just don’t even know where to start I’ve tried every YouTube video possible and guide it’s strange. I was able to get nordvpn working but I can’t get my own.
Log in to post
Load new posts
  • E

    Problem with site with squid -3 development

    4
    0 Votes
    4 Posts
    1k Views
    T
    Maybe a "proxy.pac" file or "wpad.dat" would be an option. (create one in the usr/local/www folder and make a symb-link for the other) There are topics on how to serve this pac-file via extra http-service on port 80 in combination with DHCP and have the pfsense GUI run on https. How successful it will be that depends on how you roll out DCHP (additional option 252, text, location of proxy.pac) and if users are allowed to change their internet settings regarding proxy settings. You filter https or facebook requests to be redirected to a "denied page". Example "proxy.pac" function FindProxyForURL(url, host) {   url = url.toLowerCase();   host = host.toLowerCase();   isHttp = (url.substring(0,5) == "http:");   isHttps = (url.substring(0,6) == "https:") // If the requested website is hosted within the internal network, send direct.     if (isPlainHostName(host) ||           shExpMatch(host, "*.home") ||           shExpMatch(host, "*.local") ||           isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||           isInNet(dnsResolve(host), "172.16.0.0",  "255.240.0.0") ||           isInNet(dnsResolve(host), "192.168.0.0",  "255.255.0.0") ||           isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0")) { return "DIRECT"; } // Forward non-http(s) and some hosts to forward proxy (or DIRECT (or access denied page?)) if((!isHttp && !isHttps) // Skip all non http(s)   || dnsDomainIs(host, "microsoft.com")   || dnsDomainIs(host, "windowsupdate.com")   || dnsDomainIs(host, "eset.com")   || dnsDomainIs(host, "mcafee.com") // McAfee   || dnsDomainIs(host, "siteadvisor.com") // McAfee   || dnsDomainIs(host, "hackerwatch.com") // McAfee   || dnsDomainIs(host, "hackerwatch.org") // McAfee   || dnsDomainIs(host, "avg.com")   || dnsDomainIs(host, "grisoft.cz")   || dnsDomainIs(host, "avgfree.com")   || dnsDomainIs(host, "avg.cz")   || dnsDomainIs(host, "symantecliveupdate.com")   || dnsDomainIs(host, "thawte.com")) { return "DIRECT"; } if (isHttps)   // Skip HTTPS (or return access denied page?) { return "DIRECT"; } // Otherwise, go through our proxy or if it fails, through bypass return "PROXY 192.168.0.1:3128; DIRECT"; } Or you could try a squidguard filter with a redirect page, maybe add a "proxy-list" and "VPN-service-list" to the block list there so users won't be able to use or search for anonimous-proxy or VPN's to circumvent the restrictions.
  • X

    Blinkled memory leak? (Alix platform)

    3
    0 Votes
    3 Posts
    1k Views
    X
    I think I've found a semi-reliable way to reproduce the leak. But as this is an alix2d3 with 256mb box running extra stuff pushes it's memory limits tight. If the interface goes away, the following code to never hit the cleanup path (can't find the source on the git repos, so from that post linked in the first post.):   for(ifp = TAILQ_FIRST(&ifh); ifp; ifp = TAILQ_NEXT(&ifc, if_list))   {       n = kvm_read(kd, (u_long)ifp, &ifc, sizeof(ifc));       if(n<0)       {         fprintf(stderr, "Error: kvm_read(element): %s\n", kvm_geterr(kd));         kvm_close(kd);         return -1;       }       if(strcmp(ifname, ifc.if_xname) == 0)       {         data->opackets = ifc.if_data.ifi_opackets;         data->ipackets = ifc.if_data.ifi_ipackets;         data->obytes = ifc.if_data.ifi_obytes;         data->ibytes = ifc.if_data.ifi_ibytes;         data->baudrate = ifc.if_data.ifi_baudrate;         kvm_close(kd);         return 0;       }   } } Note; there is no kvm_close(kd) if the interface isn't matched. I guess the package isn't being restarted in some conditions when the interface derps.
  • M

    Postfix - read only filesystem?

    2
    0 Votes
    2 Posts
    908 Views
    P
    pfSense recreates everything at boot time from data in its own config.xml - which is where all the GUI settings are saved. If you change any package conf file from the command line, the change will be lost when you reboot, or some other event happens that makes pfSense restart all the packages. You have to find a way to do your settings using the GUI provided with the package.
  • R

    Unbound package re-installation fails

    4
    0 Votes
    4 Posts
    1k Views
    W
    Nope that is an entirely different problem
  • G

    Unbound failing to install on 2.1.1 march 3

    4
    0 Votes
    4 Posts
    1k Views
    W
    A mistake on my part apologies on that - but fixed.
  • S

    PROBLEM: Unistall squid using console command

    3
    0 Votes
    3 Posts
    2k Views
    S
    Hi, I still haven't found a solution to the problem. I can't Uninstall squid using console but I can Uninstall it using web gui. I need to Uninstall it using console. Someone Can help me to find a solution. Thanks
  • B

    Vnstat2 Package Updated - Report/Feedback problems here.

    39
    0 Votes
    39 Posts
    8k Views
    B
    @petzi: @bryan.paradis: So you have received just one email from cron complaining that vnstat couldn`t create backups? Is it possible that the dyndns set the filesystem back to Read only after the vnstat script set it to read write and so it failed? This script gets run every minute by cron so I guess this may be possible that the timing just aligned perfectly. I've no idea. Probably mounting rw/ro isn't logged. If it happened only once? It must have been the fluke lining up of filesystem getting switched back after the rw call was made by the script.
  • D

    HAVP and PfBlocker - Malfunction ? Else ?

    1
    0 Votes
    1 Posts
    756 Views
    No one has replied
  • bmeeksB

    NEW – Suricata 1.4.6 pkg v0.1 BETA package released

    36
    0 Votes
    36 Posts
    8k Views
    bmeeksB
    @JWTrance: Thanks for the new Suri package, been looking forward to this for a bit. :) Feel free to disregard, but I was wondering how hard it would be to implement an options tab similar to the oldschool Snort IDSControl Center (see example) [image: snortoptions.jpg] I like the idea of being able to quick select options for a custom starting command line and then being able to save that Suri/Snort profile for later use. Be on the lookout for a substantial update to the Suricata package to be posted sometime over the next few days. I will be submitting the Pull Request shortly.  This will be version v0.2-BETA of the package.  There are lots of bug fixes and some other enhancements (such as an included Dashboard Widget, better rule update management and logging, and a Bro output option for Barnyard2). As for some control over command-line options, that is certainly possible.  Right now a fair number of parameters are configurable in the GUI and then provided to the Suricata binary via the suricata.yaml conf file.  Are there some Suricata-specific command-line options you need that are not available in the GUI?  If so, post a list and I will see what I can do. Bill
  • U

    HAVP antivirus wont start;

    2
    0 Votes
    2 Posts
    1k Views
    U
    Bump? Really want to have this working, It worked before hand on my netbook setup, but not now ? :(
  • D

    Unbound denies queries from IPsec clients…

    6
    0 Votes
    6 Posts
    1k Views
    W
    yeah and the other vpns.
  • O

    Detection Ultrasurf's traffic

    3
    0 Votes
    3 Posts
    2k Views
    D
    dont work! I think I have the wrong or your system dosent work I've addes my screenshoots. [image: snort_log1.jpg] [image: snort_log1.jpg_thumb] [image: snort_log2.jpg] [image: snort_log2.jpg_thumb]
  • ?

    HAVP service doesn't start

    16
    0 Votes
    16 Posts
    8k Views
    ?
    It works now in standard and parent mode. my problem was slow download process at update time.
  • B

    Reverse Proxy Using Squid

    1
    0 Votes
    1 Posts
    797 Views
    No one has replied
  • L

    Squid 3.4?

    1
    0 Votes
    1 Posts
    853 Views
    No one has replied
  • S

    Squid 3.3.10 error

    5
    0 Votes
    5 Posts
    1k Views
    B
    https://forum.pfsense.org/index.php?action=post;quote=398495;topic=43687.270 @serialdie: Under –- System ----- User Manager Add the user clamav. Worked for me.
  • B

    Voip server in ALIX

    1
    0 Votes
    1 Posts
    631 Views
    No one has replied
  • B

    Need to update file on http://files.pfsense.org (vnstat2 php front end)

    27
    0 Votes
    27 Posts
    7k Views
    A
    woo hoo! thanks!
  • W

    Unable to communicate to the pfsense package server

    4
    0 Votes
    4 Posts
    2k Views
    B
    Did you have it set to GW on your LAN? Or Like was your interface setup?
  • D

    Tftp not working (clean install of pfsense)

    2
    0 Votes
    2 Posts
    1k Views
    D
    After further review of older threads I noticed that tftpd was listening on 127.0.0.1  I added an internal UDP portforward to 69 and everything works now.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.