1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    D
    Retested on 24.11-RELEASE (amd64) all seems to work. So it seems right to file a bug for this issue.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC
    @rlrobs Yes it’s still working fine here.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K
    @pulsartiger The database name is vnstat.db and its location is under /var/db/vnstat. With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    R
    hey forum. maybe someone can help me with pfBlocker. I have this nice overview on pfsense mainpage but it logs nothing. [image: 1754330105763-overview.png] I found a related thread that never got resolved however https://forum.netgate.com/topic/175045/pfblockerng-not-logging-everything Is this normal behaviour? I am using the default out of the box settings here. When doing a nslookup of a blocked domain I seem to be getting the correct response. nslookup c.bing.com Server: 127.0.0.53 Address: 127.0.0.53#53 Non-authoritative answer: Name: c.bing.com Address: 10.10.10.1 But I don't see anything logged in the main tab. Do I need to change something in this setting here: Global Logging/Blocking Mode By default it is set to "No Global Mode" [image: 1754330032261-stats.png] Under alerts I see my nslookups but it only shows "unknown" and not the actual website. I also expect more than just this to show up here when browsing the web. What do i need to change to get this to resolve properly? I have searched already and couldn't find a good answer. I am using Unbound btw. and this under general setup: [image: 1754330288353-dns-settings.png]

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    J
    @div444 i'm finding the same - did you find a solution or did reverting fix it? Hoping there is a patch fix or something to get it working! Rather not rollback if i can avoid it

  • Discussions about the Tailscale package

    90 Topics
    582 Posts
    dennypageD
    @Gertjan said in can I install a FreeBSD 14 pkg on a FreeBSD 15 pfSense?: If the package contains binaries : forget it. The ABI is different. It's not a hard and fast rule like that. It depends upon what the binary is, what dependencies it has, and how everything was compiled. I am currently running a binary package, which was built on FreeBSD 14.2-RELEASE, on pfSense 25.07 (FreeBSD 15.0-CURRENT) without issue.

  • Discussions about WireGuard

    692 Topics
    4k Posts
    F
    Hi again, to be honest: I guess, I did not remember exactly what I did 2 years ago. May I was mistaken by the interface name opt2 because the SG-3100 has a physical port OPT1 and I mixed up physical and virtual names. The goal was to use 2 different tunnels, one for the mobile clients and one for the site-2-site connection. And now all is running in that way . Regards
Log in to post
Load new posts
  • H

    Bug Pfsense 2.4.1 Freeradius 0.15.1 OTP Google Authentcation is not working

    8
    0 Votes
    8 Posts
    3k Views
    B
    This is what happens when the Shared Secret key does now match ;)
  • O

    Configure NUT to only monitor and do nothing?

    2
    0 Votes
    2 Posts
    611 Views
    dennypageD
    You cannot configure NUT such that it will not attempt to perform a shutdown. You could configure a shutdown command that doesn't do anything by adding the following line in the "Additional configuration lines for upsmon.conf" section: SHUTDOWNCMD /bin/echo Note however that NUT will still do everything but shutting down the system, including shutting down any slaves. I'm also unclear on how NUT will behave following the attempted shutdown. You may have to restart the service. In general however, I would not recommend the approach of trying to split the UPS between apcupsd and NUT. If you want NUT's monitoring, use NUT for the shutdown.
  • G

    FreeRADIUS 3.x package NTLM problem

    13
    0 Votes
    13 Posts
    4k Views
    A
    @Zizi: Hi, today I've set up freeradius3 for WPA-EAP, an it is working, but only with "clear text passwords". If I change it to "MD5 Password", I get error "mschap: FAILED: No NT/LM-Password. Cannot perform authentication" Is there any way to use non clear text password storage with working WPA-EAP? Same here.
  • M

    Email notifications fail - Service Watchdog

    6
    0 Votes
    6 Posts
    2k Views
    GertjanG
    @Mateh: Indeed. pfSense 2.4.3 running Service_Watchdogs 1.8.4. Settings from Notifications: E-Mail server: smtp.mailgun.org SMTP Port of e-Mail server: 465 Secure SMTP Connection: [tick] From e-mail address: my@email.com Notification E-mail address: my@email.com Notification E-Mail auth username: my@login.email Notification E-Mail auth password: mypass Notification E-Mail auth mechanism: PLAIN Looks fine to me. I have exactly the same thing, with one difference : I'm not using some mail supplier, but my own mail server on a delicate server on the Internet (so I have full control on both sides). You are using the right port (465 - which uses TLS from start) and you are identifying yourself correctly. If this goes wrong ones in a while, answers should by found by the one running "smtp.mailgun.com".
  • F

    Problem with freeradius

    2
    0 Votes
    2 Posts
    568 Views
    GertjanG
    Your last image : as per https://doc.pfsense.org/index.php/Using_Captive_Portal_with_FreeRADIUS - Section : Amount of Traffic the option "re-authenticate users every minute" should be set so the user gets disconnected. Otherwise your limit of "1200" (Mbytes) will not work … What I did to check / debug all this : I read this : https://doc.pfsense.org/index.php/Testing_FreeRADIUS This : https://doc.pfsense.org/index.php/Additional_Logging_for_FreeRADIUS (written for 2.x but useful). Also : when your setup is ok, goto    Status => Services STOP the radius daemon. Acces the console. Take option 8 - SSH access. Type``` radiusd -h Read … Find the option -X Use it ! Start radfius by hand using **radiusd -X** (or **radiusd -X -xx**) Now you have all the info - there should be no red lines. Keep this console window open. Now login with a user on the captive portal. The entire login info will be laid out, and it's easy to find what went wrong. Questions about what being shown , Normal. Radius is not some small program, it's huge, took me days of just reading this one https://fr.wikipedia.org/wiki/FreeRADIUS and many others. With manuals, Radius (FreeRadius) is useless. > I added a cronjobe << 0 0 * * * root / bin / rm / var / log / radacct / datacounter / day / used-bytes - * >> This won't work  :) For example, "day" doesn't exist. See image for my cron entries, I used the the cron package of course. ![cron.PNG_thumb](/public/_imported_attachments_/1/cron.PNG_thumb) ![cron.PNG](/public/_imported_attachments_/1/cron.PNG)
  • M

    WPAD error

    1
    0 Votes
    1 Posts
    507 Views
    No one has replied
  • D

    Telegraf / Influxdb

    2
    0 Votes
    2 Posts
    1k Views
    C
    Duplicate of https://forum.pfsense.org/index.php?topic=145991.msg796861#msg796861 and it's an upstream issue: https://redmine.pfsense.org/issues/8425#change-36362
  • A

    No Samba package on Pfsense?

    18
    0 Votes
    18 Posts
    3k Views
    ScottyDMS
    Forget pfSense and use FreeNAS instead. It too is built on FreeBSD. However FreeNAS needs RAM–8 GB minimum.
  • A

    Clamd problem

    1
    0 Votes
    1 Posts
    317 Views
    No one has replied
  • J

    Blocked Domain Reporting with Ntop

    1
    0 Votes
    1 Posts
    491 Views
    No one has replied
  • K

    FreeRadius3 EAP-TLS error

    4
    0 Votes
    4 Posts
    2k Views
    P
    this works, but revocation will not work. so if you revoke a cert, the authentication will still pass.  If you want to be able to revoke certs, and have free radius honor that, then follow what worked for me: I have found the workaround solutions posted in the forums, for free radius and a functioning CRL, do not quite work. The workarounds listed: https://sites.google.com/site/techbobbins/home/articles/freeradius-and-crls semi work.  The problem is, the manual changes are wiped away easily.  i.e. a change in the radius config (i.e. a user attribute), will cause the radius.conf and the cert files to be overwritten.  A little background on my system: -Free radius v3 -pfsense v2.42 p1 Now, i think i may have found a workaround, that is "sticky".  It follows the same method as listed in this thread (https://sites.google.com/site/techbobbins/home/articles/freeradius-and-crls), but instead of appending the CA/CRL in the same file via the CAT command, append the CRL via the pfsense GUI to the CA cert body.  This way, every time you reload freeradius, it reads form the PFSENSE Cert files, and now everything works. Also, i found if you configure sub CA's, free radius has issues with that.  So, a work around for that, is to: -create your root CA -create sub CA -create crl for sub ca -then, "import" a CA.  the cert body will be the root->sub->crl -create free radius server cert -in free radius, use the "import" CA, and the free radius server cert ..i found if you dont do this, free radius will error with error 19, self signed in the chain.  Understand the reason to use sub certs is for security, as i understand root CA's are designed to create sub CA's, not user or server certs.  This way, if sub CA is copromised, you dont have to recreate cert chain, just that particular sub ca. I dont claim to be a PKI expert, but the above worked for me. –-note, for revocation to work, you will have to re-paste the CRL info back into the "import" cert, and restart radius.  note, that restarting radius via the GUI, i.e services click the restart gear, does not work.  I found i needed to make a change to free radius, i.e change a setting in the eap config, save it, then set it back, svae it.  this seems to trigger a true radius restart. hope this helps
  • J

    CollectD goes off

    1
    0 Votes
    1 Posts
    547 Views
    No one has replied
  • R

    Manually loading packages

    2
    0 Votes
    2 Posts
    487 Views
    GertjanG
    @robert.herrmann: I am a noob using pfSense and freebsd, so please be gentle. pfSense is using FreeBSD is it's base OS. But differences exists : one of them is the package handling. @robert.herrmann: I have a pfSense installation running version 2.4.1.  This system does not have access to the internet.  :( Wait … Your posting on a public forum, right ? Bring your system along the next time - update - upgrade - done. @robert.herrmann: I would like to install freeradius but am struggling.  I have managed to download the .pbi (freeradius-2.2.5_3-i386.pbi) and get it copied into pfSense machine into the /tmp directory.  But I cannot seem to find a way to install this. This situation was mentioned some time ago. I guess it was completely abandoned. I guess you have to connect  it at least ones …. edit : wait ! I guess it possible - it probably a manual job, not or very badly documented. Get out of the noob phase and you'll be fine. I asked the world for advise ( pfsense install package without internet connection ) - it came back with https://forum.pfsense.org/index.php?topic=130966.0
  • J

    Pls develop this pkg for VPN proxy detection

    3
    0 Votes
    3 Posts
    691 Views
    J
    Thank you! I will take a look
  • Z

    FreeRadius 3 and OTP

    5
    0 Votes
    5 Posts
    2k Views
    S
    Hi there, I just registered to comment that I got OTP to work with PAP protocol only. Set it up in System > User Manager > Authentication Servers > your FreeRADIUS auth server > Server Settings > Protocol: PAP. Note that MS-CHAPv2 is the default option. I hope this helps someone!
  • SammyWooS

    SOLUTION: apcupsd to Minisys (ProtectLI) and APC Smart Serial Interface

    1
    0 Votes
    1 Posts
    816 Views
    No one has replied
  • S

    Stunnel enhancement.

    1
    0 Votes
    1 Posts
    560 Views
    No one has replied
  • B

    Block internet access for kids, but allow FaceTime (on port 80)

    11
    0 Votes
    11 Posts
    2k Views
    NogBadTheBadN
    Seems to work protocol any. I'd do the schedule like my second attachment, where 172.16.3.100 is the iDevice IP or an alias that contains multiple IP addresses. [image: Untitled.jpg] [image: Untitled.jpg_thumb] [image: Untitled.jpg_thumb] [image: Untitled.jpg]
  • B

    Mail Relay versus port forwarding

    4
    0 Votes
    4 Posts
    1k Views
    B
    @biggsy: I agree with pete35.  I used to run the postfix package on the firewall but there are some good reasons not to do that. What are the good reasons out of interest ? BA
  • D

    FreeRadius 3.x pfSense authentication with MD5-Password

    1
    0 Votes
    1 Posts
    572 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.