1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally, I would love a how to guide on how to do this correctly.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @Draco said in New pfblockerNG install Database Sanity check Failed: I turned off pFBlocker and hit RUN on Update. You what?

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    GPz1100G
    @agitelzon I have no issue connecting to LE servers from pf shell. The issue is cloudflare security setting is configured as a whitelist for api zone record changes. The whitelist includes my ipv4 address only, as a /32. As I mentioned, I could add the ipv6 prefix as a /64. Given that pf is configured to prefer ipv4, I thought that would carry over to acme as well.

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    657 Posts
    C
    @lbm_ I have the same problem: pfSense v25.07.1 on FreeBSD 15-Current, Netgate 6100. Could you let me know if you found a solution? I haven't. I have been updating Tailscales from Freshports while keeping the Tailscale Package installed. I have recently read that this can cause problems with routes, interfaces, firewall rules, and others. I am leaning towards deleting the Tailscale package.

  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink.. My problem is my local box here. Im missing something because I can not get it to pass traffic from the WAN to the Wireguard tunnel. Ive got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
Log in to post
Load new posts
  • jimpJ

    MOVED: 2.3.4-p1 Breaks PFBlockerNG

    Locked
    1
    0 Votes
    1 Posts
    511 Views
    No one has replied
  • L

    Unable to install packages

    5
    0 Votes
    5 Posts
    1k Views
    jimpJ
    Nothing changed here recently, and there haven't been any outages. It's possible there was a problem somewhere between you and the package servers, however.
  • D

    Package nut + Eaton Protection800 connection lost and back twice a day

    7
    0 Votes
    7 Posts
    2k Views
    D
    I don't think about UPS issue, because it was plugged to a Windows station before and was reporting no communication error I'll try the 2 other USB ports to be sure, and change usb cable . Let's try external power hub too, i didn't try this yet. About the pollinterval=10 it's already in place. Thank you for your help and patience. I'll give a feeedback asap.
  • C

    Squid reverse proxy: limiting sending large files over HTTP

    2
    0 Votes
    2 Posts
    755 Views
    C
    Solved the issue. Really tried everything, but didn't succeed. Drived me nuts. For anyone having this issue too: Cloudflare has set some limit on the size of the requests: https://support.cloudflare.com/hc/en-us/articles/201303340-How-can-I-change-the-client-maximum-upload-size-  :-\ :-\ Cadish
  • dennypageD

    NUT info thread

    3
    0 Votes
    3 Posts
    580 Views
    dennypageD
    Thank you Jim!
  • C

    PfSense 2.3.4 with NUT 2.7.4_4 and Tripp Lite SMX500RT1U USB No matching HID UPS

    12
    0 Votes
    12 Posts
    4k Views
    dennypageD
    @communityuk: An Electrician caused a reboot by turning off the power on the clean side of the UPS! Anyway I removed the "user=root" and it works ok now. Awesome, thanks for letting me know. I'll see about adding an install warning for this next time I update the package. About the electrician though… sigh.
  • chudakC

    Squid and "Bypass Proxy for These Source IPs" question

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    You can't bypass them as a source and still also have them go through the proxy. The either go through the proxy or they do not. If you could identify the remote server(s) and bypass based on destination, then they could still have their traffic scanned going to other places. But if you want to AV scan the traffic that is also going to the place the camera is sending the video, that would not be possible.
  • K

    Squidguard and https

    3
    0 Votes
    3 Posts
    790 Views
    jimpJ
    You do not need to edit anything in the code/files. Just the GUI settings. Set the redirect type to "Ext URL Found" and then drop the full URL into your "Redirect Info" box. https://your.host.name/sgerror.php?url=403&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u That setting might be on your Common ACL or other ACL configurations.
  • P

    Migrating from TMG 2010 to HA-PROXY as a reverse Proxy issues

    4
    0 Votes
    4 Posts
    1k Views
    P
    In the status page for the SharePoint backend I get: Unauthorized. The site on SharePoint does allow anonymous access. Thanks
  • S

    SSO with LDAP Auth

    3
    0 Votes
    3 Posts
    1k Views
    B
    In my opinion it is not possible without additional components on the client-side. IMHO the best way is to join the domain with your pfsense and then use ntlm for squid-auth. If you look at commercial firewalls (like sophos) they do it the same way. If you want to do it with pfsense, you would have to use a third-party addon. (https://pf2ad.mundounix.com.br/). But unfortunately it is not recommended to use third-party addons on pfsense. It would be great if it could be added as an official package.
  • S

    Pfsense2.3.4 + squid-3.5.26 + squidguard-1.4_15

    2
    0 Votes
    2 Posts
    1k Views
    S
    Can anyone please assist me on this?
  • E

    Quagga, ospf and high availability

    2
    0 Votes
    2 Posts
    2k Views
    Q
    I've recently coded a GUI addition to the Quagga OSPF plugin for doing just this. I'll be submitting a pull request in Github in the next week or so as i finalize a few tweaks. This has really brought our HA router abilities to a new level and it's working well in our datacenters.
  • J

    Issue on radiusd.conf

    2
    0 Votes
    2 Posts
    589 Views
    jimpJ
    Is this with the FreeRADIUS 2.x package or FreeRADIUS 3.x? If it's with the 2.x package, uninstall it and then install the 3.x package. If it's with the 3.x package, you will need to be more specific about the problem: What options in the GUI are not being put into the configuration correctly? And what line, specifically, are you changing to correct the problem?
  • C

    Service watchdog says newer version available - I cannot update

    2
    0 Votes
    2 Posts
    479 Views
    DerelictD
    That is not telling you there is a newer version available. That is a legend. If Service Watchdog was in yellow there would be a newer version available. ![Screen Shot 2017-07-09 at 4.26.18 PM.png](/public/imported_attachments/1/Screen Shot 2017-07-09 at 4.26.18 PM.png) ![Screen Shot 2017-07-09 at 4.26.18 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2017-07-09 at 4.26.18 PM.png_thumb)
  • perikoP

    Squid3-dev sites issues with SSL3_GET_SERVER_CERTIFICATE

    2
    0 Votes
    2 Posts
    1k Views
    K
    If you change pFSense / Services / Squid Proxy Server / GEneral tab Then check the SSL Man In The Middle Filtering area and change the SSL/MITM Mode from Splice WhiteList, Bumb OtherWise to the Splice ALL the problem can be solve with a this shape. OR With a default value of the SSL/MITM Mode with Splice WhiteList, Bumb OtherWise you can goto ACLs atb and add desıred web site url to the WhiteList area ie: online.kktcmaliye.com
  • E

    Upgrade to Free Radius 3

    3
    0 Votes
    3 Posts
    2k Views
    E
    Great! Thx!
  • A

    Trouble Configuring Avahi

    6
    0 Votes
    6 Posts
    1k Views
    A
    @NogBadTheBad: Shouldn't your edge ports be untagges vlan 101 ? In the Netgear switch, the 6th port, which is connected to airport extreme,  is UT101 and the 1st port,which connected to Firewall,  is 101T.
  • V

    HA Proxy - Shared TCP?

    2
    0 Votes
    2 Posts
    637 Views
    S
    No, you can't do that. HTTP protocol includes HOST directive to allow endpoint to understand which website is accessed (see https://en.wikipedia.org/wiki/File:Http_request_telnet_ubuntu.png for example). TCP protocol does not have such functionality, it doesn't even know anything about hostnames or websites, it works with IPs only.
  • DerelictD

    MOVED: Need help with HAProxy config

    Locked
    1
    0 Votes
    1 Posts
    544 Views
    No one has replied
  • D

    NRPEv2 check_time

    3
    0 Votes
    3 Posts
    1k Views
    D
    Well this is a first.  NO ONE has ANY thoughts or suggestions about this?!?! Ok some more information:  I found out that if pool.ntp.org is queried more then once in a 30 min time frame that I could be blocked.  My Nagios settings were set to 1 min checks which explains why it would work once in a while. So I changed ALL of my firewall ntp targets to an 'internal ntp server' and focused my gateway firewall on an external target and it appears to be working.  OH and extended the query time to three hours. Working on one of my external firewalls targeting the gateway.  pfsense ntp state shows that its query is successful but nagios is getting a "CHECK_NRPE STATE CRITICAL: Socket timeout after 10 seconds." Please Help. Dino
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.