Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    We installed haproxy on a Netgate 8200 device, 25.07.1-RELEASE (amd64), installed acme certificates and got a certificate from letsencrypt, everything ok. Checked SSL offload in the frontend and selected the acme-generated certificate under SSL Offloading. Result after Apply Changes:
    Errors found while starting haproxy
    [NOTICE] (72045) : haproxy version is 2.9.14-7c591d5
    [NOTICE] (72045) : path to executable is /usr/local/sbin/haproxy
    [ALERT] (72045) : config : Couldn't open the ca-file '/var/etc/haproxy_test/clientca_WAN_117.pem' (No such file or directory).
    [ALERT] (72045) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:15] : 'bind x.x.x.x:443' in section 'frontend' : 'ca-file' : unable to load /var/etc/haproxy_test/clientca_WAN_117.pem
    [ALERT] (72045) : config : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg
    [ALERT] (72045) : config : Fatal errors found in configuration.
    Also package _devel has the same issue. On other boxes where haproxy was configured on 24.11 and upgraded to 25.07.1 it's working. BUG ?? So what can we do now - we need this function. Thank you all in advance
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPa
    @bmeeks Understood. Thank you kindly for your help. I will likely be ordering a new unit soon.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypage
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example:
    /usr/sbin/chown -R nobody:nobody /var/db/ntopng
    However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    Gertjan
    @dma_pf said in DNSBL Resolving Some Domains To 10.10.10.1 But Does Not Log Them: "mobile.events.data.microsoft.com I couldn't find that host name in the "/var/db/pfblockerng/dnsbl/Max_MS.txt" file - where does your "/var/db/pfblockerng/dnsbl/Crazy_Max_Extra.txt:" come from ? I picked a host name from the Max_MS.txt file, and tested :
    C:\Users\Gauche>nslookup umwatsonc.events.data.microsoft.com
    Serveur : pfSense.brit-hotel-fumel.net
    Address: 2a01:cb19:907:dead:beef:fe29:392c
    Réponse ne faisant pas autorité :
    Nom : umwatsonc.events.data.microsoft.com
    Addresses: :: 0.0.0.0
    and the request was 0.0.0.0 blocked - I'm not using "pfSense pfBlocker Web server logging" (DNSBL Webserver/VIP ) as the "you are blocked web page" only shows up when the end browser user visits http sites, something that doesn't exist anymore on the Internet. All sites are https these days, and https sites can be redirected to "another https web server" like the "pfSense pfBlocker Web server".
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    I didn't say you should remove the override.ups.delay.shutdown directive, I said you should remove the ignorelb directive. Ok, I will test without ignorelb directive. Also, you do not have anything in the Advanced settings section, correct? Yes As to running a calibration test, consult your UPS manual or support from the manufacturer of your UPS. I find anything I will search tomorrow
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During these 5 minutes the acme-webgui times out. When the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    This one has been tricky, still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    92 Topics
    639 Posts
    Updated CE 2.8.1 to 1.90.4. Looks like they are already working on .6
    Freshports
    pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.4.pkg
    Changelog
  • Discussions about WireGuard

    712 Topics
    4k Posts
    @chpalmer okay so here is the update. I was able to get all my wireguard servers handshaking, my two personal tunnels and my one nord. I have full access to my lan with my personal tunnels but I now don't have nord routing any traffic through its tunnel. I try to make a lan rule route one ip through nord and make one NAT rule and nothing. I lose internet on my one ip when I try and make a rule to use the nordvpn gateway
  • Freeradius TLS 1.0 and 1.1 not activated anymore

    1
    0 Votes
    1 Posts
    377 Views
    No one has replied
  • Package missing list 23.09.1

    6
    0 Votes
    6 Posts
    668 Views
    @ahking19 I chose the free version of OPNsense. I had already tested pfsense CE in the past. I had to switch to pfsense+ because the CE version was not compatible with my equipment. I didn't want to waste time on that. And in principle, I do not accept the fact that Pfsense+ became chargeable for home use, even though it was announced to be free. The price is excessively expensive…
  • Snort blocking VPN traffic

    2
    1
    0 Votes
    2 Posts
    450 Views
    bmeeks
    Why don't you just disable that rule instead? It is an ET Policy rule. Those are usually used just for notification or to enforce some corporate policy. You've discovered that it is falsely triggering in your network due to the VPN traffic (a false positive), so just disable it. Click the red X under the GID:SID column in the ALERTS tab.
  • Errors installing HAProxy and not showing up on services tab

    5
    0 Votes
    5 Posts
    517 Views
    Good idea, I still have the equipment that I migrated from, so I will go back to that one and pull the config and see if I can find the differences in the config, thank you
  • New Router. Backup Restored. No Snort Alerts now

    snort alerts not working
    3
    0 Votes
    3 Posts
    889 Views
    @bmeeks : Ok. So I disabled and unassigned the WAN Snort interface. Then copied it back to the newly unused WAN interface, enabled and started it and...... IT WORKED!!! I'm getting Alerts and it's generating blocks as before the upgrade! Same name as before, but apparently an internal interface mapping in Snort was still looking for the old WAN interface id. Thanks!!!
  • Question about cron package

    4
    0 Votes
    4 Posts
    1k Views
    @hspindel said in Question about cron package: @Gertjan Thank you for the reply. pfSense is already set up to send notifications. So what do I do to have the simple command "vmstat -m" run from cron and send an email? Never mind. Figured it out. Thank you.
  • Avahi not reflecting some broadcast

    9
    2
    0 Votes
    9 Posts
    2k Views
    @dennypage I think that because of the package that can be seen by pfsense and openwrt_b and esphome_dashbord in vlan_iot and openwrt_b can reflect/re-create the package to vlan_server well, there is no problem with the openvpn or firewall rules. For now I think I will just use avahi in my openwrt_b.
  • Will we ever get ZeroTier?

    1
    0 Votes
    1 Posts
    251 Views
    No one has replied
  • update Snort 4.1.6_15

    2
    0 Votes
    2 Posts
    340 Views
    bmeeks
    Release notes for IDS/IPS package upgrades are usually posted in the IDS/IPS subforum here on the Netgate Forums. Here is a link to the Release Notes post for Snort 4.1.6_15: https://forum.netgate.com/topic/186417/new-snort-package-v4-1-6_15-update-release-notes. Since my native (and unfortunately, only) language is English, I post the release notes for both Snort and Suricata in English in the IDS/IPS sub-forum located here: https://forum.netgate.com/category/53/ids-ips.
  • speedtest-cli ERROR: Unable to connect to servers to test latency.

    9
    0 Votes
    9 Posts
    14k Views
    Sergei_Shablovsky
    @mathais said in speedtest-cli ERROR: Unable to connect to servers to test latency.: @Gertjan Thank you, so you removed speedtest-cli ? I have openvpn configured on my pfsense and all my IPV4 traffic pass through the VPN . All traffic? Even video&music streaming? Why??? Do you know another tool for testing my internet speed ? Saying “internet speed” what EXACTLY You mean: uplink to ISP, between Your pfSense and certain server, between Your device(s) and certain server?
    1. Check all cables, connected speed on NIC, no collisions and errors on interfaces.
    2. SWITCH ON RACK/QUICK congestion control (CC) in FreeBSD.
    3. DISABLE OFFLOADING on NICs - nowadays this makes no sense.
    4. DISABLE POWER MANAGEMENT on motherboard (off CPU Threading, CPU power states, PCI & NICs power mgmt, etc…)
    5. only now test by Speedtest, Fast, Librespeed, iperf3 Your UPLINK (of course no any other net activity on pfSense would be).
    After that You have: maximum possible on certain moment from Your hardware & FreeBSD drivers; measurements from nearest and far servers (not very accurate because workload time of the day and loading of certain server); Better to automate this by Smokeping (on the pfSense device itself) OR Prometheus+Grafana on separate server (but agent on pfSense). With alerting on Pushover by API or email.
  • Openvpn wrapped by stunnel

    11
    1 Votes
    11 Posts
    6k Views
    @akha666 Hello, please, how were you able to configure the stunnel to work with your OVPN? I keep trying to do the configuration on my pfsense but it doesn't work
  • speedtest specific interface?

    2
    0 Votes
    2 Posts
    471 Views
    juanzelli
    @Lockie Run speedtest-cli -h to see the syntax. It seems you could run speedtest-cli --source <VPN IP> to test.
  • Zabbix Agent 6 - problem [Interrupted system call]

    1
    0 Votes
    1 Posts
    316 Views
    No one has replied
  • Package Available Error

    8
    0 Votes
    8 Posts
    1k Views
    @wija86 I did not find any solution for it so I did reinstall my PFsense and now it's working. I was stuck between 2.7.0 and 2.7.2, it did say I had the newest update but my GUI did say 2.7.0. Now after the reinstall my GUI says 2.7.2 and my packages are working again.
  • Got error in package manager

    Locked
    6
    0 Votes
    6 Posts
    988 Views
    @SteveITS said in Got error in package manager: https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors Hi Steve, I already tried all the steps in that particular link, but no luck. When I check in System --> Update --> System Update there is a warning message " pfSense-repoc : failed to fetch the repo data
  • Haproxy block user-agent

    3
    0 Votes
    3 Posts
    2k Views
    Sergei_Shablovsky
    @rlljorge said in Haproxy block user-agent: Hello there, I would like to block some user agents in haproxy like: Baiduspider, Sosospider, Sogou, ZumBot, Yandex. I found some examples in haproxy community but Didn't make work in pfsense/haproxy, example:
    acl blockedagent hdr_sub(user-agent) -i -f /etc/haproxy/blacklist.agent
    http-request deny if blockedagent
    And how You resolve it ?
  • FreeRADIUS sync interfaces

    4
    0 Votes
    4 Posts
    2k Views
    keyser
    @Trey said in FreeRADIUS sync interfaces: Hi all, the new sync method is synchronising everything from freeradius. This destroyed our freeradius setup in multiple branches, as it overwrote all interfaces and all eap certificates in every sync host. We have about 7 branches with the freeradius daemon running and used the sync to sync only users and NAS/clients. Was this change really intended? For me this is more a bug than a feature… Could someone clarify this? Thanks for your help If you used a common CA and Radius certificate (same thumbprint) across the different pfSense boxes, and created only a 127.0.0.1 interface in Radius, would it then not work again? You would obviously need to create a NAT rule for ports 1812/1813 on the interfaces where Radius should be present (pointing to 127.0.0.1)
  • Using HAProxy to redirect, but not to load balance

    3
    0 Votes
    3 Posts
    512 Views
    TangoOversway
    @viragomann @viragomann said in Using HAProxy to redirect, but not to load balance: But do the printers check the host name at all, or do they only simply listen on IP and port? The printers are connected to the Pi with a USB cable. They don't deal with IP at all. What does deal with anything like that is the slicer when I use it to upload to OctoPrint to print, but that's something I expected to have to deal with. Sounds like the configuration is pretty much the same as what I had to do on the Pi I was using for printing and shouldn't be too hard. Thanks - and thank you for not going into why to just use the names I give each host instead!
  • OpenVPN Client Export - feature wishlist

    1
    2 Votes
    1 Posts
    252 Views
    No one has replied
  • 0 Votes
    3 Posts
    682 Views
    Hi @Gertjan Thank you for sharing your configuration and suggestions. I'll review my config and carry out more testing with debugging on this weekend. Can I ask, are you authenticating users or devices using username and password in the 'Users' tab, and/or devices with MAC address in the MAC's tab ? Thanks, Stuart
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.