pfSense Packages

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Subcategories

Cache/Proxy

Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

2320
Topics

13986
Posts

F

Hello, i'm using pfSense 2.4.4-RELEASE-p2 I deployed squid reverse proxy for a few http and https sites and used acme package to issue certificates and stuff, they are working perfectly BUUUT now i need some http sites to respond only in https (they already work correctly if i force https on the address bar) lets say, http://testing.contoso.com to https://testing.contoso.com So far all the suggestions that I searched online and tried have failed What am I missing? Is there a simple way to do this? Thank you!
IDS/IPS

Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

1101
Topics

6903
Posts

One more question: How did you upgrade to the 4.1.2 version? Did you do like the Release Notes said and completely remove the package before installing again, or did you just click the re-install icon on the Package Manager Installed Packages tab? If you did the latter, go back and completely remove the package by hitting the delete icon (the little trashcan). After the removal completes, go back to the Package Manager screen and install Suricata again from the Available Packages tab. This is a very critical process, and is why I highlighted it in red in the Release Notes for the 4.1.2 package update notice.
Traffic Monitoring

Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

265
Topics

1424
Posts

I have the same issue here. I can't login with Chrome, but with Firefox no problems.
pfBlockerNG

Discussions about the pfBlockerNG package

776
Topics

7147
Posts

Install Cron package and then you could run a cron shell job 15 min before PfblockerNG Cron Update that download and process the list to a local file to be ready for processing.
ACME

Discussions about the ACME / Let’s Encrypt package for pfSense

129
Topics

816
Posts

Followed this example: https://www.netgate.com/docs/pfsense/certificates/acme-validation.html#ftp-webroot Used webroot FTP method, entered domain as sftp://xxx.ddns.net (tried without sftp:// as well) Can ssh to my router from the internet as well as locally from router prompt with provided credentials. However failing to issue certificate: challenge_response_put ACME_XXX_TEST, xxx.ddns.net FOUND domainitemFTP [Tue Jan 15 17:21:27 PST 2019] Pending [Tue Jan 15 17:21:29 PST 2019] Pending [Tue Jan 15 17:21:31 PST 2019] Pending [Tue Jan 15 17:21:33 PST 2019] Pending [Tue Jan 15 17:21:36 PST 2019] Found domain http api file: /tmp/acme/ACME_XXX_TEST//httpapi/pfSenseacme.sh [Tue Jan 15 17:21:36 PST 2019] xxx.ddns.net:Verify error:Fetching http://xxx.ddns.net/.well-known/acme-challenge/WKEcQg9vY8Q0Fgg4XWEt4sK-oZEtZFGkDVQTwPeIpwI: Timeout during connect (likely firewall problem) [Tue Jan 15 17:21:36 PST 2019] Please check log file for more details: /tmp/acme/ACME_XXX_TEST/acme_issuecert.log My pfSense router is is using self-signed CA at the moment. Any clues appreciated! Thx

pfSense Packages

1

DNS Broken for pkg.pfsense.org
• 10101000

3

0
Votes

3
Posts

1194
Views

https://forum.netgate.com/topic/115789/pkg-pfsense-org-appears-to-be-dead/2
R

Packages wishlist?
• rds_correia

646

0
Votes

646
Posts

322500
Views

J

@hidalgo I'd rather see a package that can access a unifi controller using something like this https://github.com/Art-of-WiFi/UniFi-API-client It would be great to manage pfSense and Unifi from the same interface
M

Device's unable connect to chromecast over VLAN
• mrhomelabber

10

0
Votes

10
Posts

51
Views

For the record : the solution was ?
A

pfsense / freeRADIUS
• afmiller

2

0
Votes

2
Posts

46
Views

Do a radtest to verify its working:- root@unifi:~# radtest -4 andy password 172.16.0.1 1812 ClientSharedSecret Sending Access-Request of id 181 to 172.16.0.1 port 1812 User-Name = "andy" User-Password = "password" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Accept packet from host 172.16.0.1 port 1812, id=181, length=34 Class = 0x61646d696e73 Service-Type = Administrative-User root@unifi:~# https://support.microfocus.com/kb/doc.php?id=7014552 You could also do a radsniff -x on pfSense.
L

BIND DNS Package on pfsense
• luisenrique

1

0
Votes

1
Posts

32
Views

No one has replied
S

BIND GUI is missing "advanced options"
• schossel

7

0
Votes

7
Posts

120
Views

S

I reinstalled the package and it's there. I don't know why it wasn't in the first place but thanks for the help!
L

Help with bind package and dynamic dns server by my own and ecme package
• luisenrique

2

0
Votes

2
Posts

95
Views

@luisenrique said in Help with bind package and dynamic dns server by my own and ecme package: https://www.netgate.com/docs/pfsense/dns/rfc2136-dynamic-dns.html To get you started : check out the link again. Read everything several times. Using a script or program (like nsupdate) locally, or remotely, works great but every bit counts here : one slightest error and your ko. The big hint is here https://www.netgate.com/docs/pfsense/dns/rfc2136-dynamic-dns.html - the last line : And that should be it. Assuming the firewall has connectivity to the name server, and there are no other access policies that would prevent the update, RFC2136 DynDNS service is now working. Should anything not work as expected, check the system log and/or the log on the name server. The last 6 six words will gie you the solution : check out bind's log files (they have to be set up of course). They tell you how the update went, and what failed.
M

How do I know what's new in a pfSense package update?
• Making_sense_of_pfSense

3

0
Votes

3
Posts

40
Views

M

@jimp Ok, thank you!
T

Using Pfsense in aws with Freeradius and AD accounts for mfa/otp functionality
• tbaror

1

0
Votes

1
Posts

44
Views

No one has replied
D

Is there a way to use BFD with FRR? (alternatively: are there plans to upgrade to FRR 6.0?)
• davidbalbert

3

0
Votes

3
Posts

78
Views

D

Great, thanks. I'll keep an eye out for FRR 6.
B

HAProxy Maint Mode Page
• Brailyn

4

0
Votes

4
Posts

79
Views

P

@brailyn Well.. ssl/https uses 'mode tcp'. And haproxy will not send the errorfile in that case. To make haproxy respond with a http error response, you would need it to 'offload' the ssl traffic with a certificate. Or if you can supply haproxy with the certificate you could still pass the main traffic as-is with the sni frontend and send it to a second 'local frontend' that does the decryption of the https request if a backend is down to serve the error reply.. Together with a nbsrv acl to switch to that second 'error frontend' if the webserver is down.
R

Package database getting deleted
• rickym

8

0
Votes

8
Posts

187
Views

R

My bad. I had a proxy URL configured. Removing it has solved my problem. Thanks for you help everyone. Ricky
T

Changing FreeRadius Framed-MTU Attribute
• tman222

1

0
Votes

1
Posts

36
Views

No one has replied
A

Avahi - interface missing
• AW_sensepf

8

0
Votes

8
Posts

208
Views

@aw_sensepf No worries.
S

BIND forwarding is not working
• Scissorfish

28

0
Votes

28
Posts

7888
Views

B

In case somebody is still having this issue: https://forum.netgate.com/topic/139262/query-forwarding-in-bind9-is-not-working
A

NUT Package Eaton Ellipse Pro
• admins

3

0
Votes

3
Posts

88
Views

A

Hi Reboot was the solution. Thx Admins
W

Install HA on PFSense Environment
• wes93

3

0
Votes

3
Posts

131
Views

W

@jimp Thanks a lot for your answer!!! :-D
V

Does NUT package display on the Dashboard
• veldthui

4

0
Votes

4
Posts

95
Views

V

Thanks for that
NUT package
• dennypage

428

0
Votes

428
Posts

64751
Views

@q54e3w I'm glad you got everything straightened out. And I'd like to give a big thank you for posting details on the resolution--I'm sure this will help someone in the future.
M

another tftp server question
• micropone

1

0
Votes

1
Posts

52
Views

No one has replied
S

DLNA across VLAN subnets with IGMP Proxy not working
• snow

14

0
Votes

14
Posts

537
Views

Update....I was far too quick in my judgement, after say 25 sec it worked . Pimd did it, with the above conf, but now I would like to know why, for instance what I don't understand is why don't I have to define an up- or downstream. Could you give me some insight how and why this works. Cheers Qinn
A

how to Load many users on freeradius automatically?
• aliadam

7

0
Votes

7
Posts

137
Views

@aliadam Great.
A

FreeRADIUS3: Starting up too late for IPSEC?
ipsec freeradius radius • • alexanderk81

1

0
Votes

1
Posts

55
Views

No one has replied
D

stunnel question
• DerKlaus

1

0
Votes

1
Posts

60
Views

No one has replied
K

Stunnel removed with 2.3 ?
• Kekskrümel

14

0
Votes

14
Posts

6148
Views

Hey guys. Sorry to revive a thread but I figured the important people are all here. I was wondering if someone could help with the stunnel package? Here's the problem we're having in the latest version. https://forum.pfsense.org/index.php?topic=142463 It doesn't seem to be running on a reboot, so it's probably just missing an entry somewhere to start it? I assume it would be easy for a Linux/BSD guy to fix, but alas that's not me. Thank you!
R

LCSproc on XTM5
• rosiakc

9

0
Votes

9
Posts

164
Views

@rosiakc Either port on board is bad or LCD is bad.
Snort blocking all torrents
• wgstarks

4

0
Votes

4
Posts

483
Views

D

I know it’s an old topic, but I have the exact same problem and it’s nowhere else on the forum. Torrents work fine with Snort disabled, but with Snort enabled and starting a torrent it will kill off my VPN client connection within a minute. I tried adding the VPN address to Snort’s pass list but no changes. Anyone with a suggestion?
N

Get Auto Configuration Backup to skip backing up when pfblocker updates
• nzkiwi68

8

0
Votes

8
Posts

1077
Views

@doktornotor : Why the antagonism? The fact is that the backups triggered by pfBlockerNg (an excellent package) are useless to the firewall Administrator. It would be nice if they could be eliminated, or reduced to once a day or only once-since-the-last-non-pfBlockerNg-triggered backup. I can't help but wonder at some of the (hopefully only apparent) arrogance of some of the posters on this forum. It's not constructive, and it's off-putting. We ge it,t OK? You (the snarky, elitist responders) are brilliant and we are just worthless plebeians. You could, and should, be courteous regardless of that (pseudo) fact.
New Avahi package
• dennypage

35

2
Votes

35
Posts

1866
Views

@muppet You’re welcome. Glad it’s working for you.
B

Spamed by Arpwatch Notification : Cron
• Bigozz

1

0
Votes

1
Posts

55
Views

No one has replied
M

how to disable squid
• mcuddy

17

0
Votes

17
Posts

181
Views

@mcuddy said in how to disable squid: @vallum said in how to disable squid: Psec or Gre That would be my problem. I did not create a tunnel. All I did was change the dns addresses. Check their documentation for further details At the moment, I don't know how to add the tunnel, nor the implications of doing it (am I likely to take the internet down while setting it up? etc.) I'll look into it. Do you have any direction here? You can create IPsec tunnel in pfsense , I don't see any issue with that. at securly end you need to create tunnel parameters like preshared key and IP address of site, subnet details etc. Then same information in Pfsense while setting up tunnel.
J

Installing WireGuard VPN
• juppin

22

0
Votes

22
Posts

11932
Views

@bobert Wireguard May well be the future, but not for pfsense while it’s only available as a GPLed package over tun/tap. When Wireguard is available as a kernel-native implementation on FreeBSD (as it is on Linux), without the external dependencies on Go, we’ll integrate it in pfsense. Also, just to clarify Linus’ quote: “Maybe the code isn't perfect, but I've skimmed it, and compared to the horrors that are OpenVPN and IPSec, it's a work of art.”
I

OpenNTPD vs. NTP
• iami

6

0
Votes

6
Posts

129
Views

I

With external you hopefully do not mean those in package manager too?
L

SNORT
• lshantz

20

0
Votes

20
Posts

472
Views

@modesty said in SNORT: @bmeeks Hi. I only run windows + pfsense so Graylog is not for me. Can it be that there is no opensource log analyzer for snort logs? For pretty much all of the open source stuff out there for log consolidation and analysis, you are going to need a Linux box to host the software. I suggest a VMware host and then one or more Linux virtual machines. If you are a Windows shop, then Hyper-V can be your host and you can run the Linux VMs on it. The new fad these days is JSON logging, so most of the tools that ingest log files are tending toward accepting that format natively. However, some can still take plain text logs. You just might have to fiddle around with regular expressions and other minutia to get it working.
D

Question about snort + squid
• DerKlaus

2

0
Votes

2
Posts

76
Views

@derklaus said in Question about snort + squid: Hello. I have a question regarding Snort + Squid package. Is it possible to add a Windows application to a whitelist with Snort? After that i want bypass a OpenVPN connection with the whitelist over squid. Would that be possible? You can only whitelist IP addresses in Snort, so if your Windows application runs on a specific server (as in on some host with a static IP), then the answer might be "yes". You can't whitelist by any kind of name, though.
manually installed package doesn't appear on lists
• adamw

8

0
Votes

8
Posts

230
Views

Because you installed it "offline" and not from the pfSense repository, it won't display in the GUI list. https://www.netgate.com/docs/pfsense/releases/2-4-4-new-features-and-changes.html#errata
Z

TINC Restarting every few seconds
• zombielinux

1

0
Votes

1
Posts

62
Views

No one has replied
C

FRR 0.2_4 installation broken with pfSense 2.4.4_1
• Chipa

4

0
Votes

4
Posts

151
Views

C

Just to close this off. I reinstalled 2.4.4, frr installed fine. Upgraded to 2.4.4_1 and FRR appears to be working, although I am having GUI config issues adding a BGP neighbor, but I suspect that is separate as I've seen this happen previously.
Preinstalled packages in 2.4.4-p1
• Rico

1

0
Votes

1
Posts

111
Views

No one has replied
J

clamd / freshclam and a control panel
• justme2

1

0
Votes

1
Posts

63
Views

No one has replied

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

1 / 204

Cache/Proxy

IDS/IPS

Traffic Monitoring

pfBlockerNG

ACME

DNS Broken for pkg.pfsense.org • 10101000

Packages wishlist? • rds_correia

Device's unable connect to chromecast over VLAN • mrhomelabber

pfsense / freeRADIUS • afmiller

BIND DNS Package on pfsense • luisenrique

BIND GUI is missing "advanced options" • schossel

Help with bind package and dynamic dns server by my own and ecme package • luisenrique

How do I know what's new in a pfSense package update? • Making_sense_of_pfSense

Using Pfsense in aws with Freeradius and AD accounts for mfa/otp functionality • tbaror

Is there a way to use BFD with FRR? (alternatively: are there plans to upgrade to FRR 6.0?) • davidbalbert

HAProxy Maint Mode Page • Brailyn

Package database getting deleted • rickym

Changing FreeRadius Framed-MTU Attribute • tman222

Avahi - interface missing • AW_sensepf

BIND forwarding is not working • Scissorfish

NUT Package Eaton Ellipse Pro • admins

Install HA on PFSense Environment • wes93

Does NUT package display on the Dashboard • veldthui

NUT package • dennypage

another tftp server question • micropone

DLNA across VLAN subnets with IGMP Proxy not working • snow

how to Load many users on freeradius automatically? • aliadam

FreeRADIUS3: Starting up too late for IPSEC? ipsec freeradius radius • • alexanderk81

stunnel question • DerKlaus

Stunnel removed with 2.3 ? • Kekskrümel

LCSproc on XTM5 • rosiakc

Snort blocking all torrents • wgstarks

Get Auto Configuration Backup to skip backing up when pfblocker updates • nzkiwi68

New Avahi package • dennypage

Spamed by Arpwatch Notification : Cron • Bigozz

how to disable squid • mcuddy

Installing WireGuard VPN • juppin

OpenNTPD vs. NTP • iami

SNORT • lshantz

Question about snort + squid • DerKlaus

manually installed package doesn't appear on lists • adamw

TINC Restarting every few seconds • zombielinux

FRR 0.2_4 installation broken with pfSense 2.4.4_1 • Chipa

Preinstalled packages in 2.4.4-p1 • Rico

clamd / freshclam and a control panel • justme2

Products

Applications

Support

Services

News

Resources

Company

Our Mission

Subscribe to our Newsletter

DNS Broken for pkg.pfsense.org
• 10101000

Packages wishlist?
• rds_correia

Device's unable connect to chromecast over VLAN
• mrhomelabber

pfsense / freeRADIUS
• afmiller

BIND DNS Package on pfsense
• luisenrique

BIND GUI is missing "advanced options"
• schossel

Help with bind package and dynamic dns server by my own and ecme package
• luisenrique

How do I know what's new in a pfSense package update?
• Making_sense_of_pfSense

Using Pfsense in aws with Freeradius and AD accounts for mfa/otp functionality
• tbaror

Is there a way to use BFD with FRR? (alternatively: are there plans to upgrade to FRR 6.0?)
• davidbalbert

HAProxy Maint Mode Page
• Brailyn

Package database getting deleted
• rickym

Changing FreeRadius Framed-MTU Attribute
• tman222

Avahi - interface missing
• AW_sensepf

BIND forwarding is not working
• Scissorfish

NUT Package Eaton Ellipse Pro
• admins

Install HA on PFSense Environment
• wes93

Does NUT package display on the Dashboard
• veldthui

NUT package
• dennypage

another tftp server question
• micropone

DLNA across VLAN subnets with IGMP Proxy not working
• snow

how to Load many users on freeradius automatically?
• aliadam

FreeRADIUS3: Starting up too late for IPSEC?
ipsec freeradius radius • • alexanderk81

stunnel question
• DerKlaus

Stunnel removed with 2.3 ?
• Kekskrümel

LCSproc on XTM5
• rosiakc

Snort blocking all torrents
• wgstarks

Get Auto Configuration Backup to skip backing up when pfblocker updates
• nzkiwi68

New Avahi package
• dennypage

Spamed by Arpwatch Notification : Cron
• Bigozz

how to disable squid
• mcuddy

Installing WireGuard VPN
• juppin

OpenNTPD vs. NTP
• iami

SNORT
• lshantz

Question about snort + squid
• DerKlaus

manually installed package doesn't appear on lists
• adamw

TINC Restarting every few seconds
• zombielinux

FRR 0.2_4 installation broken with pfSense 2.4.4_1
• Chipa

Preinstalled packages in 2.4.4-p1
• Rico

clamd / freshclam and a control panel
• justme2