1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    I
    @andrew_cb said in haproxy 0.63_2 weird behavior, edits not working: @iSagen @TheCyborgWeasel The issue is likely the same as in https://forum.netgate.com/topic/178348/haproxy-backend-port-changes-are-not-applied/ Try adding load-server-state-from-file none to the Advanced Settings > Backend pass thru section of each backend. Great! I will do this.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    @NRgia said in Suricata on Pfsense: @bmeeks Thank you for what you did for Snort or Suricata. I'm not sure what you want me to do on Redmine, due to is a bug tracker. My question is for Product Management, which I will ask it here to be public: What is the plan for these 2 packages, Suricata and Snort? Thank you Yes, Redmine is for both bug reports and feature requests. Asking for the Suricata binary to be updated to the latest 7.0.11 version from upstream is a legitimate Redmine request. I would suggest simply asking for the binary version update instead of asking about future Netgate strategy (such as the support plans for the packages). Strategy discussions typically don't get very far because they deal with proprietary information or plans that a company may not want to publicly discuss. Redmine is where the Netgate developer team tracks all the code changes they make for pfSense. They will see Redmine reports much quicker than a forum post.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG
    @jeremyc311 said in pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start: I’m surprised to see in my logs only one blocked IP, which is related to my TrueNAS I'll decode this one : @jeremyc311 said in pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start: Aug 5 09:01:14,1770008712,bxe1,LAN,block,4,17,UDP,192.168.2.13,116.147.64.181,51765,51413,out,Unk,pfB_PRI1_v4,116.146.0.0/15,ET_Block_v4,Unknown,truenasr740,null,+ Traffic, coming into LAN, from a LAN device (192.168.2.13 = your TrueNAS) going to a Chinise ( 116.147.64.181 ) Brazilian ( 177.72.195.114 - = next line ) was blocked by the "pfB_PRI1_v4" list. That's probably good thing ? ( ! ). Up to you to discover why your NAS should initiate connections to these countries. A NAS can go outside for maintenance purposes, for example to look for updates of it's system. These could be located anywhere of course. The GeoIP IP created a rule for you. How and where do you use that this rule ?

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    495 Topics
    3k Posts
    J
    @MarvinFS said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: it was cleanly installed not long ago after release of 2.8.0. installed or upgraded? @MarvinFS said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: can't use netinstall as new installer doesn't want to connect to my pppoe during setup for unknown reason - so I can't use it, but it works just perfectly fine in GUI) more details here would be good. @MarvinFS said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: I've had zenarmor manually installed and crowdsec. hope your foot is OK

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    595 Posts
    E
    Updated CE 2.7.2 to 1.86.2_1 Changelog pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/tailscale-1.86.2_1.pkg Freshports

  • Discussions about WireGuard

    693 Topics
    4k Posts
    lvrmscL
    Since my upgrade to 25.07-RELEASE (amd64) built on Tue Jul 22 22:24:00 CEST 2025 FreeBSD 15.0-CURRENT, on one end of my most important tunnel, the tunnel still works fine, but the pfSense GUI keeps reporting the service as stopped. I had to remove its monitoring from the Service Watchdog which was also trying to start it, without success. Yet the trafic flows correctly. I'm holding off upgrading my other boxes. Is there something I could do to help diagnose?
Log in to post
Load new posts
  • H

    Bug Pfsense 2.4.1 Freeradius 0.15.1 OTP Google Authentcation is not working

    8
    0 Votes
    8 Posts
    3k Views
    B
    This is what happens when the Shared Secret key does now match ;)
  • O

    Configure NUT to only monitor and do nothing?

    2
    0 Votes
    2 Posts
    615 Views
    dennypageD
    You cannot configure NUT such that it will not attempt to perform a shutdown. You could configure a shutdown command that doesn't do anything by adding the following line in the "Additional configuration lines for upsmon.conf" section: SHUTDOWNCMD /bin/echo Note however that NUT will still do everything but shutting down the system, including shutting down any slaves. I'm also unclear on how NUT will behave following the attempted shutdown. You may have to restart the service. In general however, I would not recommend the approach of trying to split the UPS between apcupsd and NUT. If you want NUT's monitoring, use NUT for the shutdown.
  • G

    FreeRADIUS 3.x package NTLM problem

    13
    0 Votes
    13 Posts
    4k Views
    A
    @Zizi: Hi, today I've set up freeradius3 for WPA-EAP, an it is working, but only with "clear text passwords". If I change it to "MD5 Password", I get error "mschap: FAILED: No NT/LM-Password. Cannot perform authentication" Is there any way to use non clear text password storage with working WPA-EAP? Same here.
  • M

    Email notifications fail - Service Watchdog

    6
    0 Votes
    6 Posts
    2k Views
    GertjanG
    @Mateh: Indeed. pfSense 2.4.3 running Service_Watchdogs 1.8.4. Settings from Notifications: E-Mail server: smtp.mailgun.org SMTP Port of e-Mail server: 465 Secure SMTP Connection: [tick] From e-mail address: my@email.com Notification E-mail address: my@email.com Notification E-Mail auth username: my@login.email Notification E-Mail auth password: mypass Notification E-Mail auth mechanism: PLAIN Looks fine to me. I have exactly the same thing, with one difference : I'm not using some mail supplier, but my own mail server on a delicate server on the Internet (so I have full control on both sides). You are using the right port (465 - which uses TLS from start) and you are identifying yourself correctly. If this goes wrong ones in a while, answers should by found by the one running "smtp.mailgun.com".
  • F

    Problem with freeradius

    2
    0 Votes
    2 Posts
    569 Views
    GertjanG
    Your last image : as per https://doc.pfsense.org/index.php/Using_Captive_Portal_with_FreeRADIUS - Section : Amount of Traffic the option "re-authenticate users every minute" should be set so the user gets disconnected. Otherwise your limit of "1200" (Mbytes) will not work … What I did to check / debug all this : I read this : https://doc.pfsense.org/index.php/Testing_FreeRADIUS This : https://doc.pfsense.org/index.php/Additional_Logging_for_FreeRADIUS (written for 2.x but useful). Also : when your setup is ok, goto    Status => Services STOP the radius daemon. Acces the console. Take option 8 - SSH access. Type``` radiusd -h Read … Find the option -X Use it ! Start radfius by hand using **radiusd -X** (or **radiusd -X -xx**) Now you have all the info - there should be no red lines. Keep this console window open. Now login with a user on the captive portal. The entire login info will be laid out, and it's easy to find what went wrong. Questions about what being shown , Normal. Radius is not some small program, it's huge, took me days of just reading this one https://fr.wikipedia.org/wiki/FreeRADIUS and many others. With manuals, Radius (FreeRadius) is useless. > I added a cronjobe << 0 0 * * * root / bin / rm / var / log / radacct / datacounter / day / used-bytes - * >> This won't work  :) For example, "day" doesn't exist. See image for my cron entries, I used the the cron package of course. ![cron.PNG_thumb](/public/_imported_attachments_/1/cron.PNG_thumb) ![cron.PNG](/public/_imported_attachments_/1/cron.PNG)
  • M

    WPAD error

    1
    0 Votes
    1 Posts
    509 Views
    No one has replied
  • D

    Telegraf / Influxdb

    2
    0 Votes
    2 Posts
    1k Views
    C
    Duplicate of https://forum.pfsense.org/index.php?topic=145991.msg796861#msg796861 and it's an upstream issue: https://redmine.pfsense.org/issues/8425#change-36362
  • A

    No Samba package on Pfsense?

    18
    0 Votes
    18 Posts
    3k Views
    ScottyDMS
    Forget pfSense and use FreeNAS instead. It too is built on FreeBSD. However FreeNAS needs RAM–8 GB minimum.
  • A

    Clamd problem

    1
    0 Votes
    1 Posts
    319 Views
    No one has replied
  • J

    Blocked Domain Reporting with Ntop

    1
    0 Votes
    1 Posts
    495 Views
    No one has replied
  • K

    FreeRadius3 EAP-TLS error

    4
    0 Votes
    4 Posts
    2k Views
    P
    this works, but revocation will not work. so if you revoke a cert, the authentication will still pass.  If you want to be able to revoke certs, and have free radius honor that, then follow what worked for me: I have found the workaround solutions posted in the forums, for free radius and a functioning CRL, do not quite work. The workarounds listed: https://sites.google.com/site/techbobbins/home/articles/freeradius-and-crls semi work.  The problem is, the manual changes are wiped away easily.  i.e. a change in the radius config (i.e. a user attribute), will cause the radius.conf and the cert files to be overwritten.  A little background on my system: -Free radius v3 -pfsense v2.42 p1 Now, i think i may have found a workaround, that is "sticky".  It follows the same method as listed in this thread (https://sites.google.com/site/techbobbins/home/articles/freeradius-and-crls), but instead of appending the CA/CRL in the same file via the CAT command, append the CRL via the pfsense GUI to the CA cert body.  This way, every time you reload freeradius, it reads form the PFSENSE Cert files, and now everything works. Also, i found if you configure sub CA's, free radius has issues with that.  So, a work around for that, is to: -create your root CA -create sub CA -create crl for sub ca -then, "import" a CA.  the cert body will be the root->sub->crl -create free radius server cert -in free radius, use the "import" CA, and the free radius server cert ..i found if you dont do this, free radius will error with error 19, self signed in the chain.  Understand the reason to use sub certs is for security, as i understand root CA's are designed to create sub CA's, not user or server certs.  This way, if sub CA is copromised, you dont have to recreate cert chain, just that particular sub ca. I dont claim to be a PKI expert, but the above worked for me. –-note, for revocation to work, you will have to re-paste the CRL info back into the "import" cert, and restart radius.  note, that restarting radius via the GUI, i.e services click the restart gear, does not work.  I found i needed to make a change to free radius, i.e change a setting in the eap config, save it, then set it back, svae it.  this seems to trigger a true radius restart. hope this helps
  • J

    CollectD goes off

    1
    0 Votes
    1 Posts
    549 Views
    No one has replied
  • R

    Manually loading packages

    2
    0 Votes
    2 Posts
    490 Views
    GertjanG
    @robert.herrmann: I am a noob using pfSense and freebsd, so please be gentle. pfSense is using FreeBSD is it's base OS. But differences exists : one of them is the package handling. @robert.herrmann: I have a pfSense installation running version 2.4.1.  This system does not have access to the internet.  :( Wait … Your posting on a public forum, right ? Bring your system along the next time - update - upgrade - done. @robert.herrmann: I would like to install freeradius but am struggling.  I have managed to download the .pbi (freeradius-2.2.5_3-i386.pbi) and get it copied into pfSense machine into the /tmp directory.  But I cannot seem to find a way to install this. This situation was mentioned some time ago. I guess it was completely abandoned. I guess you have to connect  it at least ones …. edit : wait ! I guess it possible - it probably a manual job, not or very badly documented. Get out of the noob phase and you'll be fine. I asked the world for advise ( pfsense install package without internet connection ) - it came back with https://forum.pfsense.org/index.php?topic=130966.0
  • J

    Pls develop this pkg for VPN proxy detection

    3
    0 Votes
    3 Posts
    695 Views
    J
    Thank you! I will take a look
  • Z

    FreeRadius 3 and OTP

    5
    0 Votes
    5 Posts
    2k Views
    S
    Hi there, I just registered to comment that I got OTP to work with PAP protocol only. Set it up in System > User Manager > Authentication Servers > your FreeRADIUS auth server > Server Settings > Protocol: PAP. Note that MS-CHAPv2 is the default option. I hope this helps someone!
  • SammyWooS

    SOLUTION: apcupsd to Minisys (ProtectLI) and APC Smart Serial Interface

    1
    0 Votes
    1 Posts
    819 Views
    No one has replied
  • S

    Stunnel enhancement.

    1
    0 Votes
    1 Posts
    561 Views
    No one has replied
  • B

    Block internet access for kids, but allow FaceTime (on port 80)

    11
    0 Votes
    11 Posts
    2k Views
    NogBadTheBadN
    Seems to work protocol any. I'd do the schedule like my second attachment, where 172.16.3.100 is the iDevice IP or an alias that contains multiple IP addresses. [image: Untitled.jpg] [image: Untitled.jpg_thumb] [image: Untitled.jpg_thumb] [image: Untitled.jpg]
  • B

    Mail Relay versus port forwarding

    4
    0 Votes
    4 Posts
    1k Views
    B
    @biggsy: I agree with pete35.  I used to run the postfix package on the firewall but there are some good reasons not to do that. What are the good reasons out of interest ? BA
  • D

    FreeRadius 3.x pfSense authentication with MD5-Password

    1
    0 Votes
    1 Posts
    573 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.