1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    A
    Adding load-server-state-from-file none to the Advanced Settings > Backend pass thru section of each backend overrides the behavior and makes backend changes apply immediately when reloading. I am also using the global GUI setting Force immediate stop of old process on reload. (closes existing connections). [image: 1754764767072-67de741e-7dbf-4766-8e17-1a550e6684b0-image.png]

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    @NRgia said in Suricata on Pfsense: @bmeeks Thank you for what you did for Snort or Suricata. I'm not sure what you want me to do on Redmine, due to is a bug tracker. My question is for Product Management, which I will ask it here to be public: What is the plan for these 2 packages, Suricata and Snort? Thank you Yes, Redmine is for both bug reports and feature requests. Asking for the Suricata binary to be updated to the latest 7.0.11 version from upstream is a legitimate Redmine request. I would suggest simply asking for the binary version update instead of asking about future Netgate strategy (such as the support plans for the packages). Strategy discussions typically don't get very far because they deal with proprietary information or plans that a company may not want to publicly discuss. Redmine is where the Netgate developer team tracks all the code changes they make for pfSense. They will see Redmine reports much quicker than a forum post.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K
    @pulsartiger The database name is vnstat.db and its location is under /var/db/vnstat. With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG
    @rasputinthegreatest said in pfBlockerNG not logging anything by default?: its made up of multiple sources so it does make sense that it resolves some of these weird private hosts An public NTP pool like pool.ntp.org would not list host names with weird random paddings that reference local devices. "domaincontroller-gPHvwjYS.local,192.168.1.86" is a reverse PTR, and is requested by one of your local devices. Why , I don't know. @rasputinthegreatest said in pfBlockerNG not logging anything by default?: I find them in pfblockerNG dns_reply log under Logs No URLs there, only host names. [image: 1754736735409-c09607c2-c95a-4971-bdb4-f63fe08bebe8-image.png]

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    594 Posts
    E
    @totalimpact Tailscale 1.54.0 is 2+ years out of date. Tailscale has made quite a number of changes since Tailscale 1.54.0, likely rendering it incompatible with their servers. I would consider manually updating the Tailscale FreeBSD package. FreshPorts does not maintain an archive of all the releases, only the latest compiled by the volunteer maintainers. The key to manually upgrading is knowing which FreeBSD version your pfSense release is running, i.e. 14 or 15. You can following along here.

  • Discussions about WireGuard

    692 Topics
    4k Posts
    M
    This is still an issue as of 2.8.0 / 25.07, and it drives me crazy. Gateway failure works as expected, the wireguard tunnels will fail over to the backup gateway and continue on as normal, but will never recover once the failed gateway comes back online. While a reboot will (usually) fix it, I usually just go into my routing settings and mark the secondary gateway as down, forcing it to revert back to the primary... the users tend to dislike it when I reboot the firewall in the middle of the day
Log in to post
Load new posts
  • jimpJ

    MOVED: 2.3.4-p1 Breaks PFBlockerNG

    Locked
    1
    0 Votes
    1 Posts
    507 Views
    No one has replied
  • L

    Unable to install packages

    5
    0 Votes
    5 Posts
    1k Views
    jimpJ
    Nothing changed here recently, and there haven't been any outages. It's possible there was a problem somewhere between you and the package servers, however.
  • D

    Package nut + Eaton Protection800 connection lost and back twice a day

    7
    0 Votes
    7 Posts
    2k Views
    D
    I don't think about UPS issue, because it was plugged to a Windows station before and was reporting no communication error I'll try the 2 other USB ports to be sure, and change usb cable . Let's try external power hub too, i didn't try this yet. About the pollinterval=10 it's already in place. Thank you for your help and patience. I'll give a feeedback asap.
  • C

    Squid reverse proxy: limiting sending large files over HTTP

    2
    0 Votes
    2 Posts
    731 Views
    C
    Solved the issue. Really tried everything, but didn't succeed. Drived me nuts. For anyone having this issue too: Cloudflare has set some limit on the size of the requests: https://support.cloudflare.com/hc/en-us/articles/201303340-How-can-I-change-the-client-maximum-upload-size-  :-\ :-\ Cadish
  • dennypageD

    NUT info thread

    3
    0 Votes
    3 Posts
    520 Views
    dennypageD
    Thank you Jim!
  • C

    PfSense 2.3.4 with NUT 2.7.4_4 and Tripp Lite SMX500RT1U USB No matching HID UPS

    12
    0 Votes
    12 Posts
    4k Views
    dennypageD
    @communityuk: An Electrician caused a reboot by turning off the power on the clean side of the UPS! Anyway I removed the "user=root" and it works ok now. Awesome, thanks for letting me know. I'll see about adding an install warning for this next time I update the package. About the electrician though… sigh.
  • chudakC

    Squid and "Bypass Proxy for These Source IPs" question

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    You can't bypass them as a source and still also have them go through the proxy. The either go through the proxy or they do not. If you could identify the remote server(s) and bypass based on destination, then they could still have their traffic scanned going to other places. But if you want to AV scan the traffic that is also going to the place the camera is sending the video, that would not be possible.
  • K

    Squidguard and https

    3
    0 Votes
    3 Posts
    762 Views
    jimpJ
    You do not need to edit anything in the code/files. Just the GUI settings. Set the redirect type to "Ext URL Found" and then drop the full URL into your "Redirect Info" box. https://your.host.name/sgerror.php?url=403&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u That setting might be on your Common ACL or other ACL configurations.
  • P

    Migrating from TMG 2010 to HA-PROXY as a reverse Proxy issues

    4
    0 Votes
    4 Posts
    1k Views
    P
    In the status page for the SharePoint backend I get: Unauthorized. The site on SharePoint does allow anonymous access. Thanks
  • S

    SSO with LDAP Auth

    3
    0 Votes
    3 Posts
    1k Views
    B
    In my opinion it is not possible without additional components on the client-side. IMHO the best way is to join the domain with your pfsense and then use ntlm for squid-auth. If you look at commercial firewalls (like sophos) they do it the same way. If you want to do it with pfsense, you would have to use a third-party addon. (https://pf2ad.mundounix.com.br/). But unfortunately it is not recommended to use third-party addons on pfsense. It would be great if it could be added as an official package.
  • S

    Pfsense2.3.4 + squid-3.5.26 + squidguard-1.4_15

    2
    0 Votes
    2 Posts
    1k Views
    S
    Can anyone please assist me on this?
  • E

    Quagga, ospf and high availability

    2
    0 Votes
    2 Posts
    2k Views
    Q
    I've recently coded a GUI addition to the Quagga OSPF plugin for doing just this. I'll be submitting a pull request in Github in the next week or so as i finalize a few tweaks. This has really brought our HA router abilities to a new level and it's working well in our datacenters.
  • J

    Issue on radiusd.conf

    2
    0 Votes
    2 Posts
    534 Views
    jimpJ
    Is this with the FreeRADIUS 2.x package or FreeRADIUS 3.x? If it's with the 2.x package, uninstall it and then install the 3.x package. If it's with the 3.x package, you will need to be more specific about the problem: What options in the GUI are not being put into the configuration correctly? And what line, specifically, are you changing to correct the problem?
  • C

    Service watchdog says newer version available - I cannot update

    2
    0 Votes
    2 Posts
    467 Views
    DerelictD
    That is not telling you there is a newer version available. That is a legend. If Service Watchdog was in yellow there would be a newer version available. ![Screen Shot 2017-07-09 at 4.26.18 PM.png](/public/imported_attachments/1/Screen Shot 2017-07-09 at 4.26.18 PM.png) ![Screen Shot 2017-07-09 at 4.26.18 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2017-07-09 at 4.26.18 PM.png_thumb)
  • perikoP

    Squid3-dev sites issues with SSL3_GET_SERVER_CERTIFICATE

    2
    0 Votes
    2 Posts
    1k Views
    K
    If you change pFSense / Services / Squid Proxy Server / GEneral tab Then check the SSL Man In The Middle Filtering area and change the SSL/MITM Mode from Splice WhiteList, Bumb OtherWise to the Splice ALL the problem can be solve with a this shape. OR With a default value of the SSL/MITM Mode with Splice WhiteList, Bumb OtherWise you can goto ACLs atb and add desıred web site url to the WhiteList area ie: online.kktcmaliye.com
  • E

    Upgrade to Free Radius 3

    3
    0 Votes
    3 Posts
    2k Views
    E
    Great! Thx!
  • A

    Trouble Configuring Avahi

    6
    0 Votes
    6 Posts
    1k Views
    A
    @NogBadTheBad: Shouldn't your edge ports be untagges vlan 101 ? In the Netgear switch, the 6th port, which is connected to airport extreme,  is UT101 and the 1st port,which connected to Firewall,  is 101T.
  • V

    HA Proxy - Shared TCP?

    2
    0 Votes
    2 Posts
    596 Views
    S
    No, you can't do that. HTTP protocol includes HOST directive to allow endpoint to understand which website is accessed (see https://en.wikipedia.org/wiki/File:Http_request_telnet_ubuntu.png for example). TCP protocol does not have such functionality, it doesn't even know anything about hostnames or websites, it works with IPs only.
  • DerelictD

    MOVED: Need help with HAProxy config

    Locked
    1
    0 Votes
    1 Posts
    540 Views
    No one has replied
  • D

    NRPEv2 check_time

    3
    0 Votes
    3 Posts
    996 Views
    D
    Well this is a first.  NO ONE has ANY thoughts or suggestions about this?!?! Ok some more information:  I found out that if pool.ntp.org is queried more then once in a 30 min time frame that I could be blocked.  My Nagios settings were set to 1 min checks which explains why it would work once in a while. So I changed ALL of my firewall ntp targets to an 'internal ntp server' and focused my gateway firewall on an external target and it appears to be working.  OH and extended the query time to three hours. Working on one of my external firewalls targeting the gateway.  pfsense ntp state shows that its query is successful but nagios is getting a "CHECK_NRPE STATE CRITICAL: Socket timeout after 10 seconds." Please Help. Dino
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.