pfSense Packages

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Subcategories

Cache/Proxy

Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

2263
Topics

13753
Posts

P

@sei-pine said in Unofficial E2guardian package for pfSense: @binkec its already on squid format. Well i did manage to log e2guardian using lightsquid earlier. Gonna monitor it for now. Manually clear your access.log visit some sites then try again. Sarg is complaining of an incorrect date and a loop. Glad to hear you got lightsquid working though, it's simple and it gets the job done.
IDS/IPS

Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

1051
Topics

6379
Posts

@stewart said in DNS Servers being blocked: Off and on I see DNS servers being blocked. Like now, I see 8.8.8.8 being blocked for "SURICATA DNS Unsolicited response". I've seen Google, OpenDNS, and Quad9 DNS IPs be blocked for various reasons. Some, it's because of the response generated with an IP of a malicious domain. I assume it's because an infected machine queried for a honeypot or other known bad IP but it blocks the DNS server for the response. Ultimately I suppose I'd prefer the DNS servers not respond to those requests but there isn't really a way to stop them. Do I need to whitelist the IPs for the DNS servers? Is that normal? Yes, it is customary to whitelist the DNS servers used by the firewall and your clients (or put them in a Pass List) when using Legacy Mode.
Traffic Monitoring

Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

259
Topics

1365
Posts

A

Hello, I want to ask about some weird situation. I have 2 pfSense boxes, let's name them BOX-1 and BOX-2. BOX-1 is older installation, even before "Netgate", which I upgraded regulary and now it's on latest version 2.4.4 with installed ntopng current package version 0.8.13_3, which was installed today (ntopng was on this box for a long time). Now when I log into ntopng it still says that there is a new version 3.6.0 available (ntopng Community Edition v.3.4.180911). In package dependencies it shows "ntopng-3.6.d201800910,1". It's kind of the same problem which was in previous topic "[Help] ntopng not displaying Minute Interface Top Talkers". But the point is, that when I look in flows or other places, I can see country flags by public IPs. BOX-2 is newer insatallation, with Netgate ISO already. It's updated to same version 2.4.4, both are amd64 systems. Today I installed the newest ntopng package - version 0.8.13_3. When I log into ntopng, it shows I'm on Community Edition v.3.6.181102, which is OK. I also updated GeoIP data, but I can't see anywhere those country flags. Is it a bug or how can I get it there? It looks, that on older version it worked, but it's kind of reporting wrong version in ntopng but correct in pfsense package manager, and a fresh install on fresh pfsense install reports correct version in both places, but can't get work country flags. Any suggestions??
pfBlockerNG

Discussions about the pfBlockerNG package

695
Topics

6740
Posts

If you use the new -devel Version with the Wizard, it creates the PRI1 group of IP4 IP list. I've had the following "fails" for days now: [ pfB_PRI1_v4 - Feodo_Block_v4 ] Download FAIL [ 11/14/18 11:02:39 ] [ pfB_PRI1_v4 - Feodo_BadIPs_v4 ] Download FAIL [ 11/14/18 11:01:36 ] [ pfB_PRI1_v4 - Abuse_SSLBL_v4 ] Download FAIL [ 11/14/18 11:00:35 ] [ pfB_PRI1_v4 - Abuse_DYRE_v4 ] Download FAIL [ 11/14/18 11:00:32 ] [ pfB_PRI1_v4 - Feodo_Block_v4 ] Download FAIL [ 11/14/18 10:02:42 ] [ pfB_PRI1_v4 - Feodo_BadIPs_v4 ] Download FAIL [ 11/14/18 10:01:42 ] [ pfB_PRI1_v4 - Abuse_SSLBL_v4 ] Download FAIL [ 11/14/18 10:00:40 ] [ pfB_PRI1_v4 - Abuse_DYRE_v4 ] Download FAIL [ 11/14/18 10:00:35 ] [ pfB_PRI1_v4 - Feodo_Block_v4 ] Download FAIL [ 11/14/18 09:04:08 ] [ pfB_PRI1_v4 - Feodo_BadIPs_v4 ] Download FAIL [ 11/14/18 09:02:07 ] [ pfB_PRI1_v4 - Abuse_SSLBL_v4 ] Download FAIL [ 11/14/18 09:00:53 ] [ pfB_PRI1_v4 - Abuse_DYRE_v4 ] Download FAIL [ 11/14/18 09:00:48 ] If one tries to use the wizard for a new install, the following lists give errors: MDL -> timeout Abuse_DYRE_v4 -> 503 Feodo_BadIPs_v4 -> 503 Abuse_SSLBL_v4 -> 503 Feodo_Block_v4 -> 503 so could be temporary, but both Feodos and Abuses I'm seeing with 503 for days now. Greets
ACME

Discussions about the ACME / Let’s Encrypt package for pfSense

115
Topics

748
Posts

D

Thank you all. Very helpful. I'm going to try to install x64 version (I think in the past I tried and it failed).

pfSense Packages

1

DNS Broken for pkg.pfsense.org
• 10101000

3

0
Votes

3
Posts

1033
Views

https://forum.netgate.com/topic/115789/pkg-pfsense-org-appears-to-be-dead/2
R

Packages wishlist?
• rds_correia

645

0
Votes

645
Posts

317831
Views

D

Midnight Commander (mc). Very good when making a connection to the pfsense terminal with PUTTY. In all other distributions (FreeBSD/Linux) you can find this package. Why not in pfsense?
E

Ntopng. Unable to start HTTP server (IPv4) on ports 3000s
• emammadov

5

0
Votes

5
Posts

54
Views

E

I can access ntopng though, but sometimes i see ntopng stops and starts by itself in Services. But I wonder, will there an update for this error?
L

Squid random disconnects random webpages
• La6er

27

0
Votes

27
Posts

111
Views

L

I have static IPs on my clients... is this script correct? function FindProxyForURL(url,host) { return "PROXY 10.30.251.61:3128"; }
K

Email Notification haproxy
• kiekar

1

0
Votes

1
Posts

12
Views

No one has replied
B

How filter youtube.com on pfsense using squadgard and rules firewall
• bayefalle

9

0
Votes

9
Posts

55
Views

If you already have Squid and Squidguard installed you just need to set Times for that time slot and apply them to the Group ACLs. Steve
A

STunnel Is Modifying PEM File Incorrectly & Not Recreating /var/tmp/stunnel
• alteredstate

1

0
Votes

1
Posts

20
Views

No one has replied
New Avahi package
• dennypage

10

2
Votes

10
Posts

391
Views

@xpxp2002 Avahi caching is completely disabled. To help me understand, can you give a brief explanation of what devices you are trying to communicate between, and what interfaces they are attached to on your pfSense box? Also, can you show your Avahi config please?
R

Using the FreeRADIUS package to authenticate against macOS Server Open Directory
• robin24

1

0
Votes

1
Posts

22
Views

No one has replied
S

FreeRadius CA Validation Broken 2.4.5
• strangegopher

26

0
Votes

26
Posts

266
Views

S

@jimp thanks for the fix. It works now.
T

FreeRadius 0.15.6 CA Validation Broken on pfSense 2.4.4
• tman222

3

0
Votes

3
Posts

64
Views

T

Fixed in 0.15.7. https://redmine.pfsense.org/issues/9082 Thanks @jimp for addressing this issue so quickly.
Z

Looking For A Monitoring API or Service
• zipper

2

0
Votes

2
Posts

50
Views

C

Collectd can gather your interface stats and output to several different types of storage, you could script against that. For pf blocking stats i honestly don't know there are probably some, you could manually poll from a script using pfctl but there could well be a service that works better.
F

OpenVPN - Client Export for Yealink Phone - Not Working
• fbaumann

4

0
Votes

4
Posts

70
Views

F

@jimp said in OpenVPN - Client Export for Yealink Phone - Not Working: e they have fixed that in a recent update, though. Thank you very much for you reply. Finally got it to work. SHA1 and TLS Encryption ON is crucial. Otherwise it wont work according to my testing. Also i had to edit the configuration file manually: the line ncp disable had to be commented out (not supported by yealink phones) Maybe this could be fixed in the export for yealink phones...
S

All freeradius eap-tls authentications fail when an SSL revocation list is enabled
• smacdoug

34

0
Votes

34
Posts

335
Views

S

Thanks for all the help pointing me in the right direction. I'll keep my list at 10 years for now.
S

install zabbix server in pfsense
• starless_boi

2

0
Votes

2
Posts

55
Views

You cannot install the server or frontend on pfSense. Only the agent and proxy packages are available.
N

Packages not starting after config restore on pfSense 2.4.4
• nmeth

6

0
Votes

6
Posts

86
Views

A

Thanks for the prompt reply. One of the first things that I noticed didn't resolve was the repository. No packages were available, and the Status page couldn't check for updates. Since I was restoring a config from a backup, that's why I thought this might help.
X

BIND Package
• xlameee

17

0
Votes

17
Posts

292
Views

Out of the box access list are going to be auto - but you might need to add that for your vpn tunnel network sure. query name min is when you are walking down from roots and vs asking for www.domain.tld you only ask roots for tld, he says oh .com go ask the ns for .com, you then go ask .com ns hey whats ns for domain.tld.. Only when you get to the actual authoritative NS do you ask for the full record. Keep in mind this can cause issues with some domains and cnames, etc.. There are some threads here where testing that and believe technet and stuff from ms one of the domains that wouldn't resolve.. How is it you couldn't look up the RFC that is clearly listed in the notes about that setting "Only send minimum required labels of the QNAME and set QTYPE to A when possible. Best effort approach; full QNAME and original QTYPE will be sent when upstream replies with a RCODE other than NOERROR, except when receiving NXDOMAIN from a DNSSEC signed zone. Default is off. Refer to RFC 7816 for in-depth information on Query Name Minimization." You really have little use in the advanced section until you know what your doing ;) And are wanting to do something a bit out of the box. Quick look there and one thing you might want to enable is "Serve cache records even with TTL of 0" Prob give you better cache hits. Your hide options are exactly that - they will NOT answer those sorts of queries.. Unless you were going to let the public query it there is no reason to enable those... Unless you think someone on your own local network or connected to your vpn is going to query your unbound for its version info and then from that HACK it ;)
E

APCUPSD package
• everyonelovescheese

1

1
Votes

1
Posts

46
Views

No one has replied
J

tinc: Establishing a gateway to tinc network
• jack_myers

1

0
Votes

1
Posts

56
Views

No one has replied
A

Unable to Update 2.4.3 packages
• AMD_infinium05

3

0
Votes

3
Posts

72
Views

A

@grimson guess we have to plan earlier than expected. thank you!
V

Bind manual configuration...
• vinifa

5

0
Votes

5
Posts

109
Views

@johnpoz said in Bind manual configuration...: Read this http://shop.oreilly.com/product/9780596100575.do It will change your life.. I confirm. Live did become easier when one knows what DNS is (and not what one thinks it is). I have an old edition and will order the new one.
C

watchdog schedule
• captainhastings

6

0
Votes

6
Posts

87
Views

C

oh yes it was because watchdog was empty as i have removed the vpn from. Sorted thank you
F

haproxy not starting
• fernandoipsec

9

0
Votes

9
Posts

123
Views

S

same behavior for me, 2.4.4 on SG-1000. Although I have one lua-file in HAproxy, for doing the LetsEncrypt-Challenge. EDIT: solved by uninstalling and reinstalling the 2 packages, and re-adding the lua-script.
J

Installing WireGuard VPN
• juppin

13

0
Votes

13
Posts

7375
Views

W

Thee FreeBSD port itself is broken. There were some changes with 20181018 snapshot but you'll run into a stacktrace when restarting the service too often :)
J

Avahi - OpenVPN missing from deny interfaces
• j-marz

1

0
Votes

1
Posts

41
Views

No one has replied
M

Tinc 1.0.35 security release.
• Milkwyrm

3

0
Votes

3
Posts

66
Views

M

Yep. Thanks Jim.I appreciate the good work that goes into keeping pfSense current.
P

Squid Reverse proxy works inconsistently
• packetman_

1

0
Votes

1
Posts

33
Views

No one has replied
D

Monitoring bandwidth by month on a system using an SSD Drive
• daveinfla

4

0
Votes

4
Posts

83
Views

B

I don't think that is much of an issue with modern SSD drives. Disk writes like these were problematic with unmanaged flash memory like CF-Cards and USB sticks, but it should be safe to treat an SSD like any other disk. If you installed using ZFS, I believe TRIM should already be active.
J

Zabbix agent broken on 2.4.4? PHP error
• jarlel

32

0
Votes

32
Posts

346
Views

J

@jimp said in Zabbix agent broken on 2.4.4? PHP error: As has been covered in numerous threads all over the forum, you can't install new packages on 2.4.3 because it will break the system as it's trying to pull things in from the 2.4.4 upgrade repo. Ok, noted. Thanks.
A

Offline Package Management?
• Agarax

4

0
Votes

4
Posts

1134
Views

The forum conversion apparently mangled the syntax above. In this case, you'd just put haproxy there, so pkg install pfsense-pkg-haproxy. But pkg add works for local files as well.
E

Error message from Arpwatch
• emammadov

4

0
Votes

4
Posts

96
Views

Or install the cron package and remove the cron entry referring to vnstat.
T

Cellular package
• trumee

4

0
Votes

4
Posts

241
Views

T

@rmalla Sorry, i am no longer using a usb modem and dont have a solution.
T

freeradius3 Authentication issues.
• thezfunk

1

0
Votes

1
Posts

59
Views

No one has replied
SquidGuard not working?!!!!!
• faxmodem

4

0
Votes

4
Posts

117
Views

Meanwhile, what about the official video, the one that works https://www.youtube.com/watch?v=xm_wEezrWf4
S

avahi and macOS hostname number bug
• SpaceBass

5

0
Votes

5
Posts

95
Views

@spacebass said in avahi and macOS hostname number bug: ou are a saint! (and now I see the fine print under that setting about helping with duplicati Think you'll need to go into System Prefs -> Sharing and remove the (123) from the name. I gave up using AVAHI and added the following to every interface I needed multicast:-
E

LCDproc
• erdeidominik99

2

0
Votes

2
Posts

85
Views

Hard to say without more data. Wrong com port maybe? This is some LCD you have built yourself? Steve
Manually installing packages from the command line / ssh / console
• luckman212

4

0
Votes

4
Posts

115
Views

Well as long as you don't use -y it will still ask for confirmation after printing the list of changes so it's not awful, but still someone could absentmindedly hit y not realizing the list of changes was bad. You could run pkg install -n blah and read the output to know for sure in a safe way.
H

Avahi - Endless Computer Name Loop
• hessercan

3

0
Votes

3
Posts

78
Views

H

Thank You So Much! I knew it had to be something stupid. I don't know yet, but hopefully this is the end to my problem.
NUT package
• dennypage

422

0
Votes

422
Posts

61261
Views

J

@dennypage you are right; rebooting the device did the trick. Thanks.
M

Why is E2Guardian5 not an official package?
• mateusscheper

3

0
Votes

3
Posts

139
Views

M

@virgiliomi I use this unnofficial package and I love it. The problem is when pfSense updates, that's why I'd like it as an official package.

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

1 / 203

Cache/Proxy

IDS/IPS

Traffic Monitoring

pfBlockerNG

ACME

DNS Broken for pkg.pfsense.org • 10101000

Packages wishlist? • rds_correia

Ntopng. Unable to start HTTP server (IPv4) on ports 3000s • emammadov

Squid random disconnects random webpages • La6er

Email Notification haproxy • kiekar

How filter youtube.com on pfsense using squadgard and rules firewall • bayefalle

STunnel Is Modifying PEM File Incorrectly & Not Recreating /var/tmp/stunnel • alteredstate

New Avahi package • dennypage

Using the FreeRADIUS package to authenticate against macOS Server Open Directory • robin24

FreeRadius CA Validation Broken 2.4.5 • strangegopher

FreeRadius 0.15.6 CA Validation Broken on pfSense 2.4.4 • tman222

Looking For A Monitoring API or Service • zipper

OpenVPN - Client Export for Yealink Phone - Not Working • fbaumann

All freeradius eap-tls authentications fail when an SSL revocation list is enabled • smacdoug

install zabbix server in pfsense • starless_boi

Packages not starting after config restore on pfSense 2.4.4 • nmeth

BIND Package • xlameee

APCUPSD package • everyonelovescheese

tinc: Establishing a gateway to tinc network • jack_myers

Unable to Update 2.4.3 packages • AMD_infinium05

Bind manual configuration... • vinifa

watchdog schedule • captainhastings

haproxy not starting • fernandoipsec

Installing WireGuard VPN • juppin

Avahi - OpenVPN missing from deny interfaces • j-marz

Tinc 1.0.35 security release. • Milkwyrm

Squid Reverse proxy works inconsistently • packetman_

Monitoring bandwidth by month on a system using an SSD Drive • daveinfla

Zabbix agent broken on 2.4.4? PHP error • jarlel

Offline Package Management? • Agarax

Error message from Arpwatch • emammadov

Cellular package • trumee

freeradius3 Authentication issues. • thezfunk

SquidGuard not working?!!!!! • faxmodem

avahi and macOS hostname number bug • SpaceBass

LCDproc • erdeidominik99

Manually installing packages from the command line / ssh / console • luckman212

Avahi - Endless Computer Name Loop • hessercan

NUT package • dennypage

Why is E2Guardian5 not an official package? • mateusscheper

Products

Applications

Support

Services

News

Resources

Company

Our Mission

Subscribe to our Newsletter

DNS Broken for pkg.pfsense.org
• 10101000

Packages wishlist?
• rds_correia

Ntopng. Unable to start HTTP server (IPv4) on ports 3000s
• emammadov

Squid random disconnects random webpages
• La6er

Email Notification haproxy
• kiekar

How filter youtube.com on pfsense using squadgard and rules firewall
• bayefalle

STunnel Is Modifying PEM File Incorrectly & Not Recreating /var/tmp/stunnel
• alteredstate

New Avahi package
• dennypage

Using the FreeRADIUS package to authenticate against macOS Server Open Directory
• robin24

FreeRadius CA Validation Broken 2.4.5
• strangegopher

FreeRadius 0.15.6 CA Validation Broken on pfSense 2.4.4
• tman222

Looking For A Monitoring API or Service
• zipper

OpenVPN - Client Export for Yealink Phone - Not Working
• fbaumann

All freeradius eap-tls authentications fail when an SSL revocation list is enabled
• smacdoug

install zabbix server in pfsense
• starless_boi

Packages not starting after config restore on pfSense 2.4.4
• nmeth

BIND Package
• xlameee

APCUPSD package
• everyonelovescheese

tinc: Establishing a gateway to tinc network
• jack_myers

Unable to Update 2.4.3 packages
• AMD_infinium05

Bind manual configuration...
• vinifa

watchdog schedule
• captainhastings

haproxy not starting
• fernandoipsec

Installing WireGuard VPN
• juppin

Avahi - OpenVPN missing from deny interfaces
• j-marz

Tinc 1.0.35 security release.
• Milkwyrm

Squid Reverse proxy works inconsistently
• packetman_

Monitoring bandwidth by month on a system using an SSD Drive
• daveinfla

Zabbix agent broken on 2.4.4? PHP error
• jarlel

Offline Package Management?
• Agarax

Error message from Arpwatch
• emammadov

Cellular package
• trumee

freeradius3 Authentication issues.
• thezfunk

SquidGuard not working?!!!!!
• faxmodem

avahi and macOS hostname number bug
• SpaceBass

LCDproc
• erdeidominik99

Manually installing packages from the command line / ssh / console
• luckman212

Avahi - Endless Computer Name Loop
• hessercan

NUT package
• dennypage

Why is E2Guardian5 not an official package?
• mateusscheper