1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally, I would love a how to guide on how to do this correctly.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    BBcan177B
    @Draco try to goto the General Tab, first ensure that the Keep Settings option is checked. Then unchecked Enable pfBlockerNG so that its disabled. Hit save. Force Update. Then reenable pfBlockerNG and Force update.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    A
    @GPz1100 I ran into this same exact issue. I don't have the Prefer IPv4 over IPv6 box checked, but I do have IPv6 enabled. I think the real issue is that Let's Encrypt's server seems to respond with "Recv failure: Connection reset by peer" on almost every request when using IPv6. I tested this by using the command curl -v https://acme-v02.api.letsencrypt.org/directory from pfsense's shell. To work around it, I modified the ACME script as you described. In the file /usr/local/pkg/acme/acme.sh, I updated line 1887 from: _ACME_CURL="curl --silent --dump-header $HTTP_HEADER " to: _ACME_CURL="curl -4 --silent --dump-header $HTTP_HEADER " After forcing curl to use IPv4, both certificate registration and renewal from the acme package started working again without issue.

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    656 Posts
    C
    @elvisimprsntr Updated 25.07.1 to 1.90.6_1, copied and pasted from @elvisimprsntr's post: pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6_1.pkg (Why it worked this time and not on previous updates: Over the last couple of days, I ran into the "Shared object "libutil.so.10, not found..." error that triggered the version 25.07.1 update issues some of us have been having. After I fixed that error, I decided to go back to the usual update method, and it worked.)

  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink.. My problem is my local box here. Im missing something because I can not get it to pass traffic from the WAN to the Wireguard tunnel. Ive got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
Log in to post
Load new posts
  • L

    Did something change recently with snort output? (alerts)

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • M

    Squid + squidguard + havp and radioparadise streaming.

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    M
    Hi Again… False positive , yesterday from denmark , the radio was very hard to reach , but today it's just fine...   Sorry from my incompentence.... /Best Michael
  • C

    Mod Security (Reverse proxy with SSL)

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    H
    Hello, I got it working. It seems it's not possible to do reverse proxy on 443 and 80. I had to remove port 80 to get it working. On proxy server settings is set port to bind to 443. I removed  the port 80 site proxy (with a config for port 80 and 443 it didn't work). You have to enter the file name only for certificate files (with full path it will search for /usr/local/apache22/etc/usr/local/apache22/etc/cert_file according to the log) So i think there is a typo in the path they given under the option. You have to put your certificate files in /usr/local/etc/apache22/ instead of /usr/local/apache22/etc/ When you add full path name apache will not run and there is no proxy at all. You must not add a port forward in the NAT Greetings.
  • V

    Changing $HOME_NET in Snort

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • R

    Lcdproc hd44780 rs-232 error

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    R
    Thanks Michele, I installed the beta LCDproc pkg, and my service started!  ;),  these are the settings I have now, [image: 8hIW9.png] which is great but I still see no activity on the lcd itself when the service started it created this .conf file : [server] DriverPath=/usr/local/lib/lcdproc/ Driver=CFontz Bind=127.0.0.1 Port=13666 ReportLevel=3 ReportToSyslog=yes User=nobody Foreground=no ServerScreen=no GoodBye="Thanks for using" GoodBye="    pfSense     " WaitTime=2 ToggleRotateKey=Enter PrevScreenKey=Left NextScreenKey=Right ScrollUpKey=Up ScrollDownKey=Down [menu] MenuKey=Escape EnterKey=Enter UpKey=Up DownKey=Down [CFontz] Device=/dev/cuau1 Size=16x2 Contrast=350 Brightness=1000 OffBrightness=50 NewFirmware=no Reboot=no " here is what my logs say about the LCD: [image: 0jrZM.png] I've tried changing port speeds, content, but no luck…any clues ? Thanks
  • M

    Squid 3 HTTPS (ssl connect) pages loading slowly / after retries

    Locked
    7
    0 Votes
    7 Posts
    19k Views
    marcellocM
    I've included this dns_v4_first option on squid3 pkg v 2.0.5_4 general tab. [image: squid3_dns_v4_first.png] [image: squid3_dns_v4_first.png_thumb]
  • C

    Country IP Blocks is considering offering free ACLs to pfblocker users

    Locked
    14
    0 Votes
    14 Posts
    7k Views
    L
    @CIPB: It's always worth discussing in order to see what can be worked out. Possibilities: Allowing pfBlocker devs occasional access to freshen up the lists in pfBlocker. Allowing individual pfBlocker users to register w/ CIPB and receive some sort of list access in return. Allowing pfBlocker to regain it's former access to CIPB lists, in trade for publishing a CIPB logo/badge on the pfBlocker tab/page in pfSense. (Probably needs approval by marcello/tommyboy and/or others) That's what I have off the top of my head.
  • M

    Help with ntop please!

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • H

    SNORT 2.9.2.3 WONT START AFTER UPGRADE

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    P
    Hi, I have the same (similar) problem. When I enter [2.0.1-RELEASE][admin@fire.box]/root(2): /usr/local/etc/rc.d/snort.sh start I get the following error message pgrep: Pidfile `/var/run/snort_pppoe03086.pid' is empty Any clue? Matthias
  • M

    Broken pfsense by installing freeradius2 and how to recover?

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    M
    Thanks a lot for the hint regarding the conf/config.xml . I did not know pfsense can be configured with the help of only this file :O and that it is versioned automatically (now i have also found the corresponding backup/restore option in the web interface). Had a whole bunch of old config files and after reseting to factory defaults i could again connect to the web-interface and from there (what i really liked) load one of the old configs from which i knew they worked. Great!
  • A

    [help] Setup reverse proxy with authentication

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    A
    Actually don't worry, I setup a IPSec vpn instead
  • gwhynottG

    Package request - xymon

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    gwhynottG
    @SeventhSon: Looks cool, might be handy in some situations :) If you hacked it into pfSense, can you give us an idea what you needed to do to get it running? sure but its standard stuff.. 1. log into via ssh,  drop to the cli 2. type:  setenv PACKAGESITE http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/Latest/ 3. type: pkg_add -r xymon-client then you can configure it. -g
  • B

    SquidGuard Blocking Issue

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    B
    Thanks for the document , I have noticed it.. and it works fine now ../ sorry for asking such trivial question
  • K

    New Snort Package - Issues & Suggested Fixes

    Locked
    20
    0 Votes
    20 Posts
    22k Views
    H
    (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE suppress gen_id 120, sig_id 3 (http_inspect) HTTP RESPONSE GZIP DECOMPRESSION FAILED suppress gen_id 120, sig_id 6 (http_inspect) INVALID CONTENT-LENGTH OR CHUNK SIZE suppress gen_id 120, sig_id 8 (smtp) Base64 Decoding failed. suppress gen_id 124, sig_id 10 (smtp) Quoted-Printable Decoding failed suppress gen_id 124, sig_id 11 (smtp) 7bit/8bit/binary/text Extraction failed. suppress gen_id 124, sig_id 12 Thank You I also received those http_inspect alerts. Pfsense 2.0.1 X64 + Snort 2.9.2.3 pkg v. 2.5.1 I also had to add these as well: #(http_inspect) UNKNOWN METHOD - 0 suppress gen_id 119, sig_id 31 #(http_inspect) SIMPLE REQUEST suppress gen_id 119, sig_id 32
  • perikoP

    Squid wpad and android issue.

    Locked
    4
    0 Votes
    4 Posts
    7k Views
    jimpJ
    The Opera browser supports adding a proxy in (See opera:config) but it doesn't seem to support autoconfigure. Firefox has options for it in about:config
  • _

    Snort reinstall and new failing: libpcre.so.1: unsupported file layout

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    H
    @jimp: Try this: uninstall, then from the shell: pkg_delete -f snort* pcre* Then try to reinstall. I checked the version of PCRE on the package server, and the one required by snort is built for amd64 so I'm not sure how you'd have pulled in the wrong one. THANK YOU VERY MUCH! your instructions helped me to get Snort Running again  :D I'm running Pfsense 2.0.1 X64 with Snort 2.9.2.3 Pkg 2.5.1 Link to my post: http://forum.pfsense.org/index.php/topic,52854.0.html Thanks again
  • U

    Squid & Squid Guard not starting after install

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    P
    The minimum pfSense version required for Squid is now 2.0.n I guess that the 1.2.3 package installer code doesn't have the code to check that, so it let you install it. The code in squid.inc is checking for version "2.0" to use pkg install dir names, it assumes that if you are not on 2.0.n that you are on a later version e.g. 2.1-BETA0 which uses pbi installer. So you are getting those messages about it trying to find dirs with "pbi" in the name. I would advise installing pfSense 2.0.1 and then install packages…
  • F

    SquidGuard doesn't obey safesearch settings

    Locked
    1
    0 Votes
    1 Posts
    962 Views
    No one has replied
  • N

    2.0.1 - Snort won't start - New Install

    Locked
    24
    0 Votes
    24 Posts
    12k Views
    B
    Bumping this thread. I updated to 2.1-dev from 2.0.1 a couple of days ago. Using AMD64 build with the latest packages. Snort won't start with the configuration I had setup from before. Error message is the FATAL ERROR: Failed to initialize dynamic preprocessor: SF_DNS (IPV6) version 1.1.4 (-2) which definitely means it's having an issue with the IPv6 part of "Enable DNS Detection" preprocessor. Only catch is that if you disable the preprocessor, it's not actually disabling it. Steps to reproduce: Create a new snort interface (Defaults are fine) enable snort. Everything works fine. Disable snort. Edit the interface, go to the preprocessors tab, check the box for "Enable DNS Detection" and save the changes Try enabling snort again, and it crashes with the error message. Edit the interface, go to the preprocessors tab, uncheck the box for "Enable DNS Detection" and save the changes Try to start snort again, and the error message still appears. You can keep creating new rules and they will keep working as long as you don't enable that preprocessor. I was able to enable the HTTP inspect one, need to test the others yet.
  • L

    Configpath

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    L
    Thanks marcelloc, I've looked at the ipguard xml in addition to squid and spamd. In the ipguard xml, the only difference appears to be the format (I've seen both formats out there so I assume both are valid). <configpath>['installedpackages']['syslogngobjects']['config']</configpath> VS. <configpath>installedpackages->package->ipguard</configpath> Is my understanding correct, that I can provide a custom configpath (one that differs from the name of the syslogng_advanced.xml file) and expect pfSense to put the config in the respective area of the config.xml file?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.