1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    H
    We installed haproxy on Netgate 8200 device 25.07.1-RELEASE (amd64) installed acme certificates and get certificate from letsencrypt, everything ok. checked ssl offload in frontend and selected the acme generated certificate under SSL Offloading. result after Apply Changes: Errors found while starting haproxy [NOTICE] (72045) : haproxy version is 2.9.14-7c591d5 [NOTICE] (72045) : path to executable is /usr/local/sbin/haproxy [ALERT] (72045) : config : Couldn't open the ca-file '/var/etc/haproxy_test/clientca_WAN_117.pem' (No such file or directory). [ALERT] (72045) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:15] : 'bind x.x.x.x:443' in section 'frontend' : 'ca-file' : unable to load /var/etc/haproxy_test/clientca_WAN_117.pem [ALERT] (72045) : config : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg [ALERT] (72045) : config : Fatal errors found in configuration. also package _devel has the same issue. on other boxes where haproxy was configured on 24.11 - upgraded to 25.07.1 its working. BUG ?? so what can we do now -bolded text we need this function. thank you all in advance

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG
    @netboy Things you can test : Leave pfBlockerng enabled, but : Remove all IP lists. De activate all DNSBL lists : you can do that by un checking : [image: 1762169315597-16b7ab6f-b38d-4c9b-8201-07756bb1a081-image.png] Btw : You use the "Unbound Python mode", right ? When DNS fails to work for your LAN devices, check 'manually' : C:\Users\Gauche>nslookup google.com Serveur : pfSense.bhf.tld Address: 2a01:cb19:907:dead:beef:92ec:77ff:fe29:392c Réponse ne faisant pas autorité : Nom : google.com Addresses: 2001:4860:4802:32::78 216.239.38.120 This tells me my LAN (windows) device was using the pfSense LAN IPv6 = 2a01:cb19:907:dead:beef:92ec:77ff:fe29:392c (for IPv4 this would be 192.168.1.1) - so I know that my device is using pfSense, the resolver, as it DNS source. I got an answer, so I know the resolver did its work. If no answer, go console or SSH of pfSense and check there : [25.07.1-RELEASE][root@pfSense.bhf.tld]/root: dig @127.0.0.1 google.com +short 216.239.38.120 This shows me that @127.0.0.1 (pfSense localhost) answered, as the resolver listens on every LAN interface and also localhost. This : [25.07.1-RELEASE][root@pfSense.bhf.tld]/root: dig @192.168.1.1 google.com +short 216.239.38.120 as my pfSense uses the default 192.168.1.1/24 LAN IP. If no answer : then the resolver isn't running, and that's 'not normal'. Starting it : [image: 1762169873517-560068d3-a229-4bde-8701-0d05a0b31cd9-image.png] would resolve the issue right away. Left to discover : why does your revolver (unbound) process dies ? edit : Also logical : we all use the same 'code' : [image: 1762169997506-667f8b72-cc12-4959-bbf3-660d23e9b5cf-image.png] ( I'm using 25.07.1 on a 4100 ) 'all' is probably a couple of hundred thousand pfBlockerng users using 2.8.1 or 25.07.1 and the latest pfBlockerng version. The only thing that is different for all of us : our settings ... This requalifies the problem from : "is something wrong with pfBlockerNG?" to a more mangeable "is something wrong with my pfBlockerNG?". And as it is already known that we all use the same "pfBlockerNG", the issue reduces further to "What wrong with my (pfBlockerNG) settings?". So : tell us all about your pfBlockerNG and DNS (!) settings, and we might be able to tell you what's wrong

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    F
    I didn't say you should remove the override.ups.delay.shutdown directive, I said you should remove the ignorelb directive. Ok, I will test without ignorelb directive. Also, you do not have anything in the Advanced settings section, correct? Yes As to running a calibration test, consult your UPS manual or support from the manufacturer of your UPS. I find anything I will search tomorow

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    92 Topics
    639 Posts
    E
    Updated CE 2.8.1 to 1.90.4. Looks like they are already working on .6 Freshports pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.4.pkg Changelog

  • Discussions about WireGuard

    712 Topics
    4k Posts
    D
    @chpalmer okay so here is the update. I was able to get all my wireguard servers handshaking, my two personal tunnels and my one nord. I have full access to to my lan with my personal tunnels but I now dont have nord routing any traffic through its tunnel. I try to make a lan rule route one ip through nord and make one NAT rule and nothing. I lose internet on my one ip when I try and make a rule to use the nordvpn gateway
Log in to post
Load new posts
  • V

    Snort and syslog.

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    S
    @vleinone: Hi, True if you mean "Diagnostics: System logs: System" page, but it send only blocked information, not full alert (right). I want to send syslog "Services: Snort: Snort Alerts" page information. Br, Ville Oh okay, yeah that won't work currently.
  • B

    OpenNTPd starts more than once, then dies

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • T

    UPnP - Service stops itself?

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    R
    Glad you got the update installed successfully. Let me know if you still have issues with miniupnpd. The error message from the log when it happens, and what you did or program you were using to make that error occur is what I need. Otherwise I'm shooting in the dark on where problem is.
  • T

    Snort doesn't seem to sync to slave members

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • J

    Snort Rules & Selective Blocking

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    Y
    Yes it can be done in pfSense. It would be possible to specify which categories are to be blocked. I might do this soon when I get some free time.
  • L

    Miniupnpd device access wrong

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    R
    Good find. I have added the code to correctly set the webgui url in miniupnpd. Please update by doing the following and let me know how it works for you. From the console choose option 8 shell. Type the following command. fetch -o - http://wgnrs.dynalias.com:81/pfsense/miniupnpd/sh-update-miniupnpd.sh | sh - After that completes goto the miniupnpd settings page in the webgui and click change. This will rebuild the miniupnpd config and restart miniupnpd.
  • belleraB

    Spamd does'nt work after clean installation

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    belleraB
    Ok, I found the problem … spamd only starts if you put an item at "SpamD: External Sources" ... Best regards, Josep Pujadas
  • ?

    FreeRadius Package Install Failed

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    J
    Not sure what is happening, but I can't seem to install freeradius via the package manager in the GUI now.  This is the error I recieve: Downloading package configuration file… done. Saving updated package information... done. Downloading freeradius and its dependencies... done. Checking for successful package installation... failed! Installation aborted. When I try to execute a pkg_add -r freeradius in the gui like I had done previously, this seems to hang too.  I did notice looking on the freebsd ports site that they have moved to freeradius-1.1.4_1.  Not real sure what to think of it just yet, but if anyone has a solution please let me know, I'll continue working with it on my end.
  • I

    Bandwidthd from SourceForge

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    JeGrJ
    I would suggest posting in the other thread (where all other package and bug related questions are found). :)
  • O

    Block Extension - Squid

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    O
    I set manually, but is dangerous, because the rules of webGui is different.  =/
  • belleraB

    Spamd

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • T

    Cannot start OpenNTPD time server, no helpful logs

    Locked
    7
    0 Votes
    7 Posts
    7k Views
    T
    @sullrich: Do you have the OpenNTPD package installed as well? I'm not sure what you mean in saying "as well"…are there two OpenNTPD services? I'm talking about the OpenNTPD package that can be installed as an extra and used as an NTP Server to provide NTP to the network, which would then allow me to synchronize client computers with pfSense. That is what I have installed and what is not starting for some reason. I suppose there is an NTP client in pfSense that synchronizes with internet servers (e.g. pool.ntp.org), so that may be causing the confusion, but that part of pfSense seems to be working great and is not in question... But maybe neither is working...?
  • G

    Run ntop at startup

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    G
    anyway this is not so imp. Ntop is not so good. I`ve noticed that it shows only some kind of traffic.For ex. DC++ is not shown only bittorent and edonkey.Maybe is configured to do this.
  • R

    Proxy logs

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    J
    the best place to find the logs and view these stats is under /var/squid/logs/access.log and cache.log, the later being the more helpful of the two.  If you view it in vi you can use shift G to jump to the end of the file where the most recent entries are.
  • S

    DNS Server package + failover

    Locked
    12
    0 Votes
    12 Posts
    4k Views
    S
    Everyone who has been approved should now see a NEW DNS Server testing forum area.  Please visit and lets continue testing there. Thanks
  • N

    Squid: flush the cache

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    ?
    there's not an easy way to do it.  The best way, from the command line is to delete the squid cache manually and then run squid -z which will rebuild it.
  • G

    Stupid squid

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    jahonixJ
    @ginosteel: You can not run squid on the same port as the webgui Then you are in transparent proxy mode which is on port 80 by definition. Set the WebGUI of pfSense to :81 or change to HTTPS on :443 and this error message will go away. Alternatively turn off transparent proxying and you get access to squid only on the specified port.
  • M

    Imspector problems.

    Locked
    7
    0 Votes
    7 Posts
    5k Views
    M
    actually when those errors happened i believe only Miranda IM with AIM Oscar and ICQ plugins was running. another computer has http://x.aim.com/laim/ but it wasn't on.
  • P

    Snort not working for me (again)

    Locked
    30
    0 Votes
    30 Posts
    10k Views
    P
    OK, found and fixed the problem. If you have a wireless connection (opt1) bridged with LAN and you leave the IP address blank in the IP configuration box on the opt1 interface it causes the problems I was having. You have to un-bridge the connection put a (fake?) ip address in and then re-bridge the connection. That seems to fix it, although I need to give it a proper test
  • N

    Snort Feature Request: Advanced Options text field.

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    S
    @Numbski: Thanks Scott, on a Sunday no less.  :o I've been working all weekend on pfSense anyways, no biggie.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.