Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pfBlockerNG aliases in HAProxy?

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC

    @bmeeks So after upgrading to the newest pfSense 2.8.0 everything is now working like a charm!

    Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

    I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

    I assume this is because the FreeBSD version is also updated with the new pfSense 2.8.0 version?

    Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do a backup, or also with cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    W

    @qinn
    Sent Dan an email to the address on his site. Not sure what is happening, my Teams stopped working. Disabled it/turned it off and the problem went away.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version?
    The instructions are shown here:

    A restart of a service will start by recreating its config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works (mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can retest / renew right away, as you are 'allowed' to renew a couple (5 max?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and vice versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round, i.e. from Client 2 to pfSenseA.

    I will try and do some packet capture to see if that reveals anything.

  • Thank you for Squid and Lightsquid packages

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    jahonixJ

    Krishna,
    if you are running a full install go to Packages and add it.
    If embedded is what you are using then it won't work since packages are not available on that platform.

  • Overall bandwidth throttling with Youtube ..

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    J

    @Shackattack:

    My Setup:

    Maximum download size: 95000

    Maximum upload size: 20000

    Overall bandwidth throttling: 600

    Per-host throttling: 400

    All throttles are marked

    Throttle other extensions: avi,mov,mpeg,mpg,wmv,rm,wma,wmv,wav,mp3,mp4,swf,flv,pdf,doc,ppt,zip,rar,bz2,gz,bin,exe,msi,7z,nrg,iso,mdf

    Works perfect and I think the Per-host throttling is used to limit bandwidth.
    All Video Streams are limited to 400 KB/s in my network

    Thanks! I am trying now .. which version do you have ?

  • Snort - block offenders

    Locked
    16
    0 Votes
    16 Posts
    17k Views
    C

    hi!

    i have made some kind of workaround:

    2 solutions:

    first one:

    if you have spare hardware left put in 2 nics, install a base debian system and have a look at this:
    http://www.openmaniak.com/inline.php
    when you are at the point installing base, take the precompiled debian package acidbase. you will have less trouble and don't forget to add the startup script.

    When finished you will have a fine IPS based on snort rules.

    second one:

    just like 1 but:
    install 4 nics, after completing installing snort inline, install vmware, install pfsense on vmware

    example nic definition:

    eth0 and eth1 used for bridge br0 under debian

    bridge vmnet0 to eth2 = LAN pfsense

    bridge vmnet2 to eth3 = WAN pfsense

    bridge vmnet3 to eth2 = OPT1 pfsense

    You now have a firewall, an IDS and an IPS on one machine

    regards

    CC

  • Squid - bypass transparent proxy when going through IPsec {SOLVED}

    Locked
    5
    0 Votes
    5 Posts
    7k Views
    T

    I added an option to let squid NOT redirect RFC1918 subnets…

    just reinstall the package and have a look :-)

  • Squid can't connect some web sites

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    D

    Dear Mrsense,

    Thank you so much, it works.

  • Squid setting for use of subversion

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    T

    it's not a new squid version…

    just a checked-in-patch... reinstall and have fun...

    have a look at the timeline to see the changes...

  • Unable to Install Squid on 1.2-RC2

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    J

    Great thanks a lot !!

  • Snort and 1.2RC2

    Locked
    10
    0 Votes
    10 Posts
    4k Views
    C

    hi folks!

    hitting save also solved the snort problem here

    but imspector refuses to work

    i am using pfsense as transparent bridge only with traffic on wan and opt1

    has anyone yet found a solution?

    regards

    cc

  • Question about miniupnpd package

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    F

    I did a firmware update last night to 1.2 RC2, and it seems to have cleared up on its own.  Both the UPnP and MiniUPnPd pages show up properly now.  Thanks everyone!

  • Monowall + pfSense as FreeRadius and Squid

    Locked
    3
    0 Votes
    3 Posts
    6k Views
    J

    Thank you !

    the 1st problem is solved (and now i can see who visited which page on lightsquid)

    but now i have only the second dragon to kill… hack pfsense freeradius to give monowall the per user bandwidth.

  • FreeRadius Package

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Unable to install Packages

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    Cry HavokC

    Have you read the other threads on this topic?  They contain a number of tests you can use to find out where the problem is.

  • PfSense v1.2 RC3 - Bandwidthd - Not working

    Locked
    3
    0 Votes
    3 Posts
    6k Views
    G

    Fixed it!

    Change to scan LAN and enable promiscuous mode.

  • How to manually uninstall packages (bandwidthd)?

    Locked
    8
    0 Votes
    8 Posts
    38k Views
    jahonixJ

    @gshipp:

    …can I use Microsoft Word or Dreamweaver to edit the .XML?

    No, please don't!
    Even though it's an XML file you can edit it with most any pure text editors like notepad from Windows.

    I'd like to mention notepad++ (http://notepad-plus.sourceforge.net) which is a free notepad alternative comparable to hoba's editor of choice. UltraEdit should work as well but I think it's not free…

  • Avast Updates Fail!

    Locked
    12
    0 Votes
    12 Posts
    8k Views
    R

    I live by the web interface and do not dig too deep into the config files! I have to have a "keep it simple stupid" policy! Because if I get hit by a truck there is NO ONE to keep the systems going! I am in Egypt and after 3 years here I now know that Aliens built the pyramids! Because there is no way in hell they got built by the Egyptian Minds and Egyptian Natives!

    So I did it the simple way and figured the naming convention for most of the primary virus protection companies and loaded it into a text file and manually loaded it to all pfsense servers… Problem solved and all is quiet!

    If wanted I can post the No Cache Virus Server Update List.... Let me know!

  • I don't see the packages menu

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    C

    ntop is not going to work on a 4501 even if you did run a full install on a microdrive. It requires way too much RAM to function on a system with only 64 MB. pfSense technically isn't even supported on less than 128 MB, though for some purposes 64 MB will suffice.

  • Hobbitclient - monitoring (or installhowto ;-) )

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Openntpd doesn't work

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    K

    Will a fix for this be incorporated into 1.2 rc 3?
    I'm currently using 1.2 rc2; it's yet to auto sync, with the exception of first boot, for 13 days now.
    I've been logging in through ssh to force a sync the past two days.

  • Possible problem in Snort package dealing with MicroSoft IE

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    G

    Well - here is a fix to the issue with Microsoft IE vs other browsers….

    In the /usr/local/www/snort_rules.php file there is a javascript function called 'go'.

    brackets to denote an array index but instead uses the () parens… and then only if there are more than one object of the same type (lousy implementation if you ask me!)...

    Anyway - the "fix" to allow the different browsers, including Microsoft's IE, to display the Category information properly is to detect if the browser is msie or a different one - then set up the go function assignments accordingly:

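    function go()
    {
        // Lower-cased user-agent string, used to tell MSIE from other browsers.
        var agt = navigator.userAgent.toLowerCase();

        // MSIE exposes the select box directly on document.forms;
        // other browsers need the form index.
        if (agt.indexOf("msie") != -1) {
            box = document.forms.selectbox;
        } else {
            box = document.forms[1].selectbox;
        }

        // Navigate to the URL held in the selected option's value, if any.
        destination = box.options[box.selectedIndex].value;
        if (destination) location.href = destination;
    }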

    I have tested the above code using both Firefox and MSIE-7 and it works properly - if anyone else wants to test please feel free - hopefully this will end up in the snort package as a fix..

    gm…

  • Darkstat cannot connect on 666

    Locked
    5
    0 Votes
    5 Posts
    6k Views
    L

    No but I will do that now thanks :D

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.