1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    A
    i am using pfsense 2.8.0 with haproxy 0.63_10 and i have 4 sites that redirect to two different web server, i am using two frontend, one for http request redirect to https using rule: scheme https, and a second with type ssl/https(tcp mode) to redirect the request with the acl and the action, now i want to add a new site to one of the web servers i create a new backend (and even tried duplicate) and add the proper acl and action as always did but for some reason since the update to 2.8.0 the redirect keeps going to the wrong backend, i tried a test and rewrote and old backend and updated the acl and rule in the frontend and it works fine, is there a known bug since the update because it keeps happening even after reboot to pfsense and the haproxy service and reinstall of the package.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    R
    @cyb3rtr0nian Is it still working? Is it stable?"

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K
    @pulsartiger The database name is vnstat.db and its location is under /var/db/vnstat. With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    M
    I resolved this by accepting the T+Cs via https://www.maxmind.com/en/accounts/1205389/geolite2/eula

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R
    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back. When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    577 Posts
    E
    Updated CE 2.7.2 to 1.86.2 Changelog pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/quarterly/All/tailscale-1.86.2.pkg Freshports

  • Discussions about WireGuard

    690 Topics
    4k Posts
    J
    I've read through some other posts about this, but they either didn't say whether the proposed solution worked or they were very convoluted and difficult to understand. Here is our scenario: We have 6 locations--Las Cruces (LC), Sunland Park (SP), El Paso (EP), Abilene (ABI), Fort Worth (FW), and Plano (PL). LC and ABI have software that is accessed by the other 4 locations via VPN. There are WireGuard VPNs set up between LC and those 4 locations (SP, EP, FW, PL), and ABI and those 4 locations (SP, EP, FW, PL). There is also a WireGuard VPN connection between LC and ABI. LC and ABI have 2 internet connections. SP, EP, FW, and PL each have one internet connection. If the primary internet connection goes down at either LC or ABI and failover occurs to the secondary internet connection, is there a way to set up the WireGuard VPN connections so that they also failover without purchasing some 3rd party application? Thanks.
Log in to post
Load new posts
  • T

    Bandwidthd on cf-card? will it destroy my cf-card?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • S

    Asterisk behind pfsense (no sound)

    Locked
    25
    0 Votes
    25 Posts
    17k Views
    S
    @marcelloc: Great news!!!  :) Some dsl routers has a 'sip Alg' option that break out sip comunication. I have no idea why. Maybe you have something like that on you network. Nope not here… I have cable... :) but its all resolved now.
  • Z

    Have you tried this?

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    Z
    Informative!I really appreciated it. I dont have any idea 'bout the sessions or caching sessions.I think should go deep on this. At least I know its possible,enough for now. Thanks for the help.
  • A

    Unbound error

    Locked
    16
    0 Votes
    16 Posts
    8k Views
    I
    You might also try looking for an error along the lines of BAD-TRAFFIC TMG Firewall Client long host entry exploit. That message is triggered by a bad traffic rule that looks for odd traffic on port 53, which happens to be DNS. If you have a lot of these in your alerts of blocked log, chances are that some or all DNS replies are being blocked by snort.
  • I

    FreeRadius replication

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    marcellocM
    Varnish, postifix, haproxy. You do not need carp enabled to use it.
  • G

    Squid and AD authentication

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • A

    Snort install errors - pulling my hair out!

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    G
    emerging threats rules change all the time so if you enable a rule and later update the rule set there is always the possibility that you are attempting to load a rule that no longer exists in emerging threats. That will give you your error.
  • D

    [Help] Unable to make imspector work on PFSense 2.0-Release

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    D
    Dear all, I figure out that the Y!M version 10.0.27 didn't use the default port 5050. After i update Y!M to another version, it use port 5050 and seem to be OK with imspector. Thread close, thanks all
  • M

    SQUID on DUAL WAN only use DEFAULT

    Locked
    8
    0 Votes
    8 Posts
    8k Views
    N
    Yes, you have to balance the web traffic from the localhost instead of the traffic for you lan clients.
  • R

    Problems with apcupsd and/or nut

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S
    libwrap.so.6 is not part of a package, its part of FreeBSD. It appears the package you are attempting to use is newer then FreeBSD 7.0-Release, which 1.2.3 is based off of. ls -al /usr/lib/libwrap.* will show you what files you have. You probably have libwrap.so.5 Using ln -s, you may be able to link libwrap.so.6 to libwrap.so.5, and it may work. But it may also not work / melt your box / kill your cat… Otherwise, try installing the package for a 7.x variant (not sure when libwrap.so.6 was introduced)
  • marcellocM

    Jail on pfsense 2.0

    Locked
    4
    0 Votes
    4 Posts
    6k Views
    marcellocM
    thanks for you reply. ezjail is working much better then pfjctrl. If you are doing patches, means that you know what you are doing. backup your vm's, uninstall pfjctrl and install ezjail. ezjail-admin will help you creating new virtual machines with freebsd 8.1. follow ezjail build steps on a freebsd 8.1-p4 and you will have same version on pfsense and jails. As pfsense2 has been release there is no problem on migrating pfjctrl to ezail. I'll try to start it soon.
  • K

    Varnish for multiple CARP IP Interfaces distinct from WAN IP address

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM
    Today the package listens on all interfaces at port you specified. To have multiple varnish, you can copy conf file and put a second daemon startup at gui advanced startup option. When using multiple varnish, you will need to name each one with -n arg. sample advanced startup options -n apache #set name on default daemon #startup second daemon /usr/local/sbin/varnishd \     -a :3129 \     -n squid \     -f /var/etc/squid.vcl \     -s malloc,2048MB \     -w 32,1024,300 I will find a way to change setup To let you choose interface and auto name them. Wait for pkg v 0.9. Thanks for your reply.
  • N

    SNORT issues in BRIDGE and VLAN'ed Environment

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • N

    Snort Problems Again !!!

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    T
    Snort is working great here. 2.0 Release 64bit All pre-processors on Lots of rules enabled. Works after reboot. 2gb on a vnware vm. I did have to follow other posts by uninstalling/reinstalling to get it running the first time when we were in the RC stage.  Also if I had known so rules were only 64 bit, I would have installed 32 bit pfsense.
  • K

    OVPN Client Export installer error

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    L
    Apparently this is a recent issue.  There is a fix over here: http://forum.pfsense.org/index.php/topic,41180.0.html For those who dont feel like reading the thread (Please DO though– and COMMENT so that it gets fixed :D ), or for those from google: @gusdvg: Ok so I added an error handler to the openvpn-client-export.inc file such that warnings are not printed to the exe. Tried and it works again! If you want to try this, edit /usr/local/pkg/openvpn-client-export.inc and add these lines after the require_once lines at the beginning of the file: function ignoreError($errno, $errstr) {   //does nothing... } set_error_handler("ignoreError",E_WARNING); I guess the problem still remains if you need to add additional options, but I have little time at the moment and this patch will do for now.
  • R

    Snort on pfSense packet flow

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    R
    @marcelloc: Pfsense rules are set on source interface. The rule with destination To blacklist must be on lan. I set the rules up on the appropriate interfaces based on source and destination IP, but Snort sees (and then blocks) offenders that should be covered by these rules. The rule covering destination to blacklist is on the LAN interface. The rule covering source from blacklist is on the WAN interface. Still, Snort sees and blocks traffic covered by these rules. I still have these questions: Perhaps someone can clarify both the Snort alerting on hosts blocked by a firewall rule (Snort gets the packets first?), and Snort behavior in pfSense when a Blacklist and a Whitelist host are both involved in an alert.
  • K

    Ipblocklist blocking 0 networks-syslog error

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • F

    POP3 Filter

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    marcellocM
    No, only for internal smtp servers. I think pop3 protocol is getting quite old. I'd prefer IMAP. Pop3 wastes bandwidth even using p3scan or other tool, you need to download all messages to then see if you want it or not. You can build a virtual machine an try to install freebsd p3scan package. if it works as you expect install on your firewall.
  • H

    Squid Guard Time Based ACL issues

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    H
    So I updated the firewall this morning from 1.2.3 to 2.0 and now the proxy is working 100%… Not sure what changed or anything but very happy with the new release. Thank you guys. Keep up the awesome work on a fantastic product.
  • S

    Facebook, Twitter Like button error in squidguard

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    marcellocM
    I saw the same thing at varnish report. Every time you apply settings, it will be included. Make report simple and it will never return.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.