1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    A
    Docker image for squid 7.3 and above https://hub.docker.com/r/fredbcode/squid If pfsense does not push the update.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @vicking said in No blocks on IP: Is it a bad idea to have the action set to deny both instead of inbound only? Question is squarely for admin. Per the infoblock which explains, in part, the "Deny Inbound", "Deny Outbound", and "Deny Both" actions: 'Deny' Rules: 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are: Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction. One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction. In other words: When set to "Deny Inbound", incoming connection requests from WAN hosts are blocked and therefore no state will be created. However a LAN host can still establish state to an otherwise listed IP. If set to "Deny Outbound", outgoing connection requests from LAN hosts are blocked and therefore no state will be created. However an incoming connection request from an otherwise listed IP to an 'open' WAN port can still establish state. If set to "Deny Both", both incoming connection requests and outbound connections requests are blocked and therefore no state will be created regardless of connection direction.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    654 Posts
    C
    @luckman212, Thanks for your suggestion. I will check what I have in /usr/local/pkg/tailscale/state, and also the RAM disk settings others have brought up. I could learn more about where Tailscale and pfSense store system files. If I find anything worth sharing, I will let you know.

  • Discussions about WireGuard

    715 Topics
    4k Posts
    A
    Hi again, an once again sorry to bother. Also, the Peer can ping the Server IP but not the Wireguard IP, same with I try to ping from Wireguard the peer - not successful. Other question is, if the handshake is successful should not this work?
Log in to post
Load new posts
  • W

    This might mean something...

    2
    0 Votes
    2 Posts
    469 Views
    W
    I screwed up here, this should be part of Bind upgrade producing errors on pfsense 2.5 upgrade
  • M

    Telegraf Not Showing in Additional Packages on SG-1100 w/ 2.4.5

    5
    1 Votes
    5 Posts
    883 Views
    styxlS
    @parithosh i am not aware of an easy way to recompile the code, you can probably check with the influx folks on github - https://github.com/influxdata/telegraf
  • J

    Service Watchdog and updates

    1
    1 Votes
    1 Posts
    402 Views
    No one has replied
  • M

    FreeFadius TOTP Session Timeout by default disconnects after one hour and apparently can't be changed

    5
    1
    0 Votes
    5 Posts
    811 Views
    M
    @viktor_g said in FreeFadius TOTP Session Timeout by default disconnects after one hour and apparently can't be changed: @maartenv Please check it with the latest FreeRADIUS pkg version first Hello Viktor, I upgraded Freeradius, but the Timeout problem is still there.
  • SweetyS

    Is it possible to exempt certain sites from filtering and logs (HTTP/HTTPS) ? (Squid, SquidGuard)

    3
    0 Votes
    3 Posts
    597 Views
    SweetyS
    @mike123 Ok thanks !
  • B

    This topic is deleted!

    1
    0 Votes
    1 Posts
    6 Views
    No one has replied
  • D

    Potential bug found with apcupsd package (version 0.3.91_8) and configuring it in the webconfigurator (on pfSense Version 2.4.5-RELEASE-p1 on AMD64)

    13
    0 Votes
    13 Posts
    2k Views
    R
    @digitaljessica Try entering a space in the USB Type field. For some reason that passes input validation and allows you to save the config settings.
  • A

    openvpn-client-export not exporting correctly

    5
    0 Votes
    5 Posts
    2k Views
    bingo600B
    @huseby_lucas I would expect it to be your "PC / Remote client" that is a 2.4.xx version. You could download an upgrade from OpenVPN.
  • M

    Squid "The requested URL could not be retrieved"

    1
    4
    0 Votes
    1 Posts
    224 Views
    No one has replied
  • J

    pfsense squidguard acl group does not work after upgrade.

    1
    0 Votes
    1 Posts
    204 Views
    No one has replied
  • SweetyS

    SSL Error transparent proxy (Squid)

    6
    0 Votes
    6 Posts
    2k Views
    SweetyS
    @viktor_g That's not working, I didn't have any solution... Does I have to install a WPAD on each client or a CERT ? My config is : Windows Server : 192.168.0.2 Hyper-V : 192.168.0.5 WAN : 192.168.3.2 (gateway : 192.168.3.1) LAN : 192.168.0.249
  • S

    Restarting OpenVPN Service randomly via cron job?

    1
    0 Votes
    1 Posts
    350 Views
    No one has replied
  • G

    Freeradius assign IP address question

    1
    0 Votes
    1 Posts
    226 Views
    No one has replied
  • C

    APC Status Widget

    15
    0 Votes
    15 Posts
    2k Views
    fireodoF
    @carver said in APC Status Widget: @fireodo Thanks for sending yours. You're welcome! I changed his original to the info I wanted to see on my firewall. I am going to try and test it today and make sure all aspects of it work. It is obvious after looking at his coding I don’t have a clue what I am doing. I am too old school........grin In fact its important that you get what you want! Regards, fireodo
  • D

    Error updating packages

    2
    2
    0 Votes
    2 Posts
    352 Views
    fireodoF
    @dave-opc https://forum.netgate.com/topic/160362/certificate-error-while-running-pkg-update/
  • S

    FreeRADIUS latest package upgrade

    25
    0 Votes
    25 Posts
    2k Views
    johnpozJ
    Ok - so that was an issue that it would auth, even without users in the freerad users.. And you fixed that. So now I just add them that match the CN on the certs.. Not a big deal.. Thanks!! All back to working for my 3 devices.. And it does make sense.. That users should also have to be listed in freerad to match the CN on the cert. And - makes it easy to just delete a user vs worried about revoking a cert, etc. etc.. Thanks again for looking into this so quickly and link to the other bug that was fixed.. That was causing my problem. edit: Project for this weekend maybe is moving to eap-tls via wpa3-enterprise.. I got wpa3 working on my psk ssids.. But have to do some reading - Not sure wpa3-enterprise really gets me all that much over wpa2-enterprise.. Can use a higher level encryption sure.. But not sure if makes any sense when using eap-tls.. Some reading to do.. But wpa3-psk is working nice.. Sad part is - with all these shitty iot devices, that don't support wpa3, you have to still run in wpa2/wpa3 mode..
  • N

    tinc and UDP

    3
    0 Votes
    3 Posts
    863 Views
    N
    @viktor_g I had that. I left out one key bit of information which I was unaware was relevant at the time: That is, my SG-3100 was running multiWAN and my Tomato router was behind it. I had issues with NAT reflection requirements that I did not sort out completely before giving up on that configuration. I moved the Tomato router from behind the SG-3100 and put it directly on it's own WAN connection and then the Tinc UDP flowed fine in both directions. How was the bandwidth using iperf3? Not great. At 15mbps the single core of the Tomato router (an Asus RT-AC66U) was maxed out while one of the cores of the SG-3100 never exceeded 16% running tincd.
  • J

    FreeRadius Sync?

    5
    0 Votes
    5 Posts
    1k Views
    J
    @jeffscott Oh... Duh, I get it... I didn't realize "configured backup server" was actually using the HA setup... Thanks for the clarification!
  • N

    Can SquidGuard work without wpad or manual proxy setup on a client?

    8
    0 Votes
    8 Posts
    2k Views
    I
    @nick-loenders If you do not have servers, is it safe to assume there are minimal amount of clients? You can create the CA on the pfsense firewall and then export that certificate and install it in the root store of the devices in order to use SquidGuard with HTTPS/MITM functionality. Otherwise SquidGuard has to be configured as a proxy to use HTTPS filtering. The HTTP filtering alone doesn't require further client configurations but most connections these days are through SSL. Otherwise, you can configure the pfsense as DNS unbound resolver and utilize pfBlockerNG which can block TLD's, and connections based on source country/region (DNSBL). pfBlocker will also let you utilize lists such as Dshield and Spamhaus to filter out bad sites and domains by IP address. Short of all that 'hassle', you might be more interested in a next-gen layer 7 firewall from a different vendor, but they are considerably more expensive and require maintenance contracts to continue functioning properly.
  • R

    Install packages offline

    7
    0 Votes
    7 Posts
    7k Views
    R
    @bmeeks Thank you for the link! I am not the OP but was interested in the topic.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.