1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    H
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too: @ha11oga11o if you resolve nextcloud.mydomain.xx to your external IP, ie the same one public people do then it would be handled by your haproxy. Example I have ssl offloading for external users for the public fqdn something.mydomain.tld - this resolves externally to my public IP that hits pfsense wan, this also resolves to my public IP when on my local network, so again haproxy handles the ssl, etc. But if I wanted or needed to access that directly on my local lan then I use its name.home.arpa:port that the service is on that doesn't do ssl, etc. What is the point of using the same fqdn internally and externally? What do you think that gets you other than issues? On this case problem is that phone nextcloud client hangs when switching out and in. Simply cannot be used when inside LAN. Well, it can be used either out or in. But to switch it it needs to be totally reset and sync. It remember which connection is allowed, at which cert. And sticks on that. Basically its useless until i sort this out to behave exactly same out and in. I cant believe no one had similar issue at home lab self hosted?? Im sure someone had need to do things like this? Thank you again.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    C
    Hi folks, Whenever I try to access a DNSBL blocked root domain it shows the block page but the moment it gets into a subfolder or file in the domain it only shows 1x1 px page. Meaning http://detectportal.firefox.com/ redirects to the DNSBL blockpage with the blocked domain info "This website detectportal.firefox.com has been blocked by the Network Administrator!" but if I try http://detectportal.firefox.com/canonical.html http://detectportal.firefox.com/success.txt http://detectportal.firefox.com/justatest it only shows 1x1pixel Is this by design? Is there anything I can do to make the rest of the pages show the alert? Regards

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    92 Topics
    639 Posts
    E
    Updated CE 2.8.1 to 1.90.4. Looks like they are already working on .6 Freshports pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.4.pkg Changelog

  • Discussions about WireGuard

    714 Topics
    4k Posts
    R
    I was on PfSense version 23.xx (don't recall the xx) and was able to start the Wireguard service. I upgraded to the 25.11 beta version and now the Wireguard service will not even start. I am on Wireguard version 2.1, and I see that there are versions that go up to 2.9. How do I upgrade to a later version? The only version in the pfSense updater is 2.1. Thank you
Log in to post
Load new posts
  • P

    Cannot install any package on pfsense.

    Locked
    4
    0 Votes
    4 Posts
    8k Views
    S
    Check DNS resolution from the firewall itself.
  • H

    Any body using free billing system with pf?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • H

    SPAMD can't be installed !

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    B
    This box is in a live enviorment and SquidD will not install this is a copy of the logs. This box is on 1.0.1 The isntall is fresh as of today. cat pkg_mgr_spamd.log Beginning package installation. Downloading package configuration file… Adding text to file /etc/syslog.conf spamd-3.7_3 Array ( [0] => tar: Error opening archive: Empty input file: Inappropriate file type or format [1] => pkg_add: tar extract of /tmp/apkg_spamd-3.7_3.tbz failed! [2] => pkg_add: unable to extract table of contents file from '/tmp/apkg_spamd-3.7_3.tbz' - not a package? [3] => pkg_add: 1 package addition(s) failed ) Package WAS NOT installed properly.
  • D

    Alt_pkg - easy testing new packages

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • H

    Upstream proxy not working properly

    Locked
    9
    0 Votes
    9 Posts
    11k Views
    H
    hi yes i set my isp proxy and the setup came as follows cache_peer 212.93.193.87 parent 8080 7 no-query. still a box asking for the user name and password to access the requested site appears. if it is possible that my clients can see and pass the captive portal page when they point to the isp's proxy in the their browser, this would solve my problem as well. but putting the isp proxy in the upstream solution is preferable. thanks for your support
  • S

    Faq into Snort modes

    Locked
    6
    0 Votes
    6 Posts
    12k Views
    belleraB
    Ok!
  • D

    2 Squid proxy questions

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • H

    FTP Issue for NAT 1:1

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    S
    On the incoming interface, yes.  Most likely LAN.
  • J

    Sarg package

    Locked
    14
    0 Votes
    14 Posts
    13k Views
    A
    Hi! Could you post a quick instruction about how to install your test package in pfSense? Tks!
  • M

    Manually edit squid.conf

    Locked
    5
    0 Votes
    5 Posts
    59k Views
    D
    Set him as '/squid.conf.gui' for example, but you must manually configure squid.conf file
  • belleraB

    Expiretable snort2c is 1800 instead than 3600 as GUI interface says

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S
    Thanks, fixed.
  • R

    FreeRADIUS, PEAP and Shortnames help

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • C

    SpamD Blacklist issues….

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • T

    Transparent Squid and Citrix ICA-XML

    Locked
    4
    0 Votes
    4 Posts
    11k Views
    M
    Tried modifying the squid.conf through the web interface, however on service restart my changes were gone.  Where must I make the change mentioned above to have it stick in the config?
  • belleraB

    Snort2c and whitelist CIDR

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • M

    Snort rules after updating pfSense

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    S
    Known issue.  Nobody is addressing it ATM. Start a bounty if it is important and timely.
  • L

    Squid and dual WAN

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    L
    @sullrich: There are no solutions to this issue as of yet. Thanks. I also searched for a way to add a "weight" to my outgoing balancing (I have an 1 Mbit and a 2 mbit connection) but found no solution. Did I miss something other than policy based routing? Again LoZio
  • T

    Per user bandwidth

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    ?
    we use monowall in bridge mode works great just place it in between pfsense and root ap
  • S

    SquidGuard…

    Locked
    18
    0 Votes
    18 Posts
    9k Views
    D
    Package created. Look this topic for installation. http://forum.pfsense.org/index.php/topic,3111.msg28544.html#msg28544
  • N

    How to install SquidGuard ??

    Locked
    13
    0 Votes
    13 Posts
    5k Views
    J
    There is a version available that is being tested ATM.  I have used it and feel that it works pretty well.  See this post: http://forum.pfsense.org/index.php/topic,3111.15.html Its a little complex, but it should work unless the creator has pulled his files off the web!
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.