1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    H
    We installed haproxy on Netgate 8200 device 25.07.1-RELEASE (amd64) installed acme certificates and get certificate from letsencrypt, everything ok. checked ssl offload in frontend and selected the acme generated certificate under SSL Offloading. result after Apply Changes: Errors found while starting haproxy [NOTICE] (72045) : haproxy version is 2.9.14-7c591d5 [NOTICE] (72045) : path to executable is /usr/local/sbin/haproxy [ALERT] (72045) : config : Couldn't open the ca-file '/var/etc/haproxy_test/clientca_WAN_117.pem' (No such file or directory). [ALERT] (72045) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:15] : 'bind x.x.x.x:443' in section 'frontend' : 'ca-file' : unable to load /var/etc/haproxy_test/clientca_WAN_117.pem [ALERT] (72045) : config : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg [ALERT] (72045) : config : Fatal errors found in configuration. also package _devel has the same issue. on other boxes where haproxy was configured on 24.11 - upgraded to 25.07.1 its working. BUG ?? so what can we do now -bolded text we need this function. thank you all in advance

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    Hello all, This is an older implementation of pfSense and Suricata running on a Netgate SG-3100 box. pfSense version: 2.4.4-RELEASE-p3 (arm) Suricata version: 4.1.7_2 This firewall has been working flawlessly for years but recently has been producing a lot of false alerts/blocks in Suricata during basic internet usage. I have noticed that the ETOpen rules in Suricata have not been updating since early October. Here is the log: Starting rules update... Time: 2025-11-02 08:16:16 Downloading Emerging Threats Open rules md5 file... Emerging Threats Open rules md5 download failed. Server returned error code 410. Server error message was: 410 Gone Emerging Threats Open rules will not be updated. The Rules update has finished. Time: 2025-11-02 08:16:17 Is there any solution to this without going through a risky/painful upgrade to the entire firewall OS and packages? Thanks for any help, Nate

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    N
    @netboy Most probaly a configuration regression. You really need to dig deeper. From which pf version did you upgrade? Have you tried removing and reinstalling pfblockerng? Looking to the moon for craters with naked eye doesn't show the one that the crashed spaceship created. Use a telescope instead. FWIW, I see quite a few pfblockerng instances on 25.07.1 running with no (apparent) issues τοο

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: @dennypage My UPD indicate runtime: 18:21 Yes, but that may be completely inaccurate, especially with bad batteries. That's why you run a calibration test.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    92 Topics
    639 Posts
    E
    Updated CE 2.8.1 to 1.90.4. Looks like they are already working on .6 Freshports pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.4.pkg Changelog

  • Discussions about WireGuard

    712 Topics
    4k Posts
    D
    I feel like I’ve followed every guide there was. I was able to get nordvpn via wireguard on my pfsense but for the life of me I can’t get my own wireguard server working. I can’t even get a handshake. I have all the firewall rules mentioned, the gateway, interfaces. Etc. I got no clue what to do at this point. Can anyone please help? I’ll provide any information required I just don’t even know where to start I’ve tried every YouTube video possible and guide it’s strange. I was able to get nordvpn working but I can’t get my own.
Log in to post
Load new posts
  • V

    Problem with squid guard target categories

    7
    0 Votes
    7 Posts
    934 Views
    JonathanLeeJ
    @victorrhoden00 reinstall the package remove that file redownload the black list
  • F

    packages do not work after update from pfsense 2.5.2 to pfsense 2.6.0

    14
    0 Votes
    14 Posts
    3k Views
    johnpozJ
    @parry said in packages do not work after update from pfsense 2.5.2 to pfsense 2.6.0: Does this mean 2.6 is no longer supported 2.6 is no longer supported https://docs.netgate.com/pfsense/en/latest/releases/versions.html
  • P

    wget

    3
    0 Votes
    3 Posts
    305 Views
    P
    @johnpoz Ahh.. Thanks. Will look in to those.
  • D

    Confused with Zabbix

    6
    0 Votes
    6 Posts
    1k Views
    D
    @keyser i think i understood this in the first place, the thing is that from all the videos and the guides that i watched and tried i cant semm to understand where to import the pf sense host to send the data.
  • JonathanLeeJ

    Syslog-ng Status 10 mins

    syslog-ng stats frequency custom object ap syslog
    3
    1
    0 Votes
    3 Posts
    600 Views
    JonathanLeeJ
    @keyser thank you that fixed it
  • Q

    [BUG?] Ram disk breaks ntopng

    Moved
    9
    0 Votes
    9 Posts
    2k Views
    B
    This post is old but for anyone interested, I confirm the issue too: with RAM Disk, ntopng configuration is reset when a "normal" reboot of pfSense occurs (even if Periodic RAM Disk Data Backups is set). pfSense v2.7.2-RELEASE package ntopng v0.8.13_10 in pfSense (ntopng-5.6) And contrarily to what I read in other posts questioning usefulness of RAM Disk settings, from my limited understanding, I think it's quite useful on my setup: I have a "low cost" box (Beelink EQ12 with a 512Gb SSD). They don't specify the TBW of the disk but I estimated it quite low from SMART health status. After 3 or 4 months of use, SMART indicates disk reached 15% of its lifetime. With 13.1 TB of Data Units Written (raw value 25,742,265), we can approximate the TBW to around 85 TB, which means the SSD is of a very low quality. This does not bother me because I specifically looked for a low cost, "just enough" box for pfSense. By comparing SMART measures before and after enabling RAM Disk, I found 3.7/sec vs 0.2 / sec for Data Units Written and 46.2 / sec vs 0.9 / sec for Host Write Commands. I concluded RAM Disk makes a huge difference in my setup. Between RAM Disk and nTopNG, there is no doubt I prefer to keep RAM Disk.
  • JonathanLeeJ

    Use of Syslog-ng Package to see Bridge Mode AP syslog events on firewall.

    syslog-ng syslog access point nas logging
    2
    7
    0 Votes
    2 Posts
    1k Views
    JonathanLeeJ
    I know what your thinking, Big deal, I got logs in pfSense, But here the issue is, most often you will be running your AP in bridge mode and having pfSense hand out the DHCP addresses, and if your in bridge mode not much info on whats connecting to the NAS internally behind the firewall is ever seen on the firewall logs. This gives you a level of visibility not normally seen within pfSense unless it is configured. Again if you can do it with one AP you can do it with an alias for many APs on a bigger network. This gives you more information into possibile mac spoofing and unauthorized access. If you use remote access and Dynamic DNS for your network, you can see the firewall logs and the AP logs as well.
  • Raul RamosR

    FreeRADIUS cipher_list = "DEFAULT@SECLEVEL=0" (loco M2 client)

    Moved
    3
    1 Votes
    3 Posts
    1k Views
    TechSSHT
    same situation for me
  • A

    Error updating repositories

    6
    0 Votes
    6 Posts
    3k Views
    L
    @aes4096 said in Error updating repositories: I solved it using the command certctl rehash thx. this saved me from setting up everything from scratch. Initially I tried to view installable packages and wondered as the list was EMPTY. Then I tried the update process via command line and got multiple errors like: pkg-static update pkg-static: An error occured while fetching package Unable to update repository pfSense pkg-static clean pkg-static: Repository pfSense-core missing. 'pkg update' required The trick then was to use the debug option: pkg-static -d update Here I got an SSL certificate problem: self-signed certificate in certification chain solved it with your hint above! Thx
  • L

    Darkstat fails to start

    1
    0 Votes
    1 Posts
    230 Views
    No one has replied
  • R

    How to Decode a pfBlocker-NG Log Entry

    3
    0 Votes
    3 Posts
    579 Views
    R
    @kiokoman Thanks for the reply. This is just buggy app design by the NFL for use on the Roku platform. For now, I will just cast from my iPhone when I want to - that app works without fail. Thanks again.
  • jimpJ

    System Patches Package v2.2.9_1

    2
    12 Votes
    2 Posts
    2k Views
    L
    This breaks connectivity from windows terminal openssh which is at OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3 currently in win11. No one-click way to get that updated. Also putty 0.62 didn't work but the latest 0.80 does work fine from windows. Just a heads up. /Lars
  • M

    pfsense HAProxy package won't write backend server information to haproxy.cfg

    1
    2
    0 Votes
    1 Posts
    260 Views
    No one has replied
  • S

    unable to list new packages, Unable to update repository pfSense-core

    2
    0 Votes
    2 Posts
    772 Views
    S
    [23.05.1-RELEASE][admin@t]/root: pkg-static upgrade -fy pfSense-repoc Updating pfSense-core repository catalogue... pkg-static: An error occured while fetching package pkg-static: An error occured while fetching package repository pfSense-core has no meta file, using default settings pkg-static: An error occured while fetching package pkg-static: An error occured while fetching package Unable to update repository pfSense-core Updating pfSense repository catalogue... pkg-static: An error occured while fetching package pkg-static: An error occured while fetching package repository pfSense has no meta file, using default settings pkg-static: An error occured while fetching package pkg-static: An error occured while fetching package Unable to update repository pfSense Error updating repositories! [23.05.1-RELEASE][admin@nst]/root:
  • H

    Available packages not showing in pfsense 2.7.0 FreeBSD

    5
    0 Votes
    5 Posts
    2k Views
    H
    I encountered another problem with the upgrade, the upgrade to 2.7.1 or 2.7.2 not offered. I readed https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html (Repository Metadata Version Errors) I solved it in this way: From Diagnostics > Command run command: env ASSUME_ALWAYS_YES=yes pkg-static bootstrap -f Then Navigate to System > Updates Set the Branch to Latest Development Snapshots Wait for the page to refresh Set the Branch to Latest stable version And done! Now im running on 2.7.2 After upgrade The Avaible Packages are displayed.
  • S

    openvpn-client-export 1.9.2 | Viscosity Bundle | ECDSA missing key

    3
    0 Votes
    3 Posts
    493 Views
    S
    @jimp thank you for looking into this ticket. Maybe my certs are to old, we can reproduce this on two different systems.
  • M

    HAProxy and RDP

    2
    0 Votes
    2 Posts
    808 Views
    V
    @mpatzwah said in HAProxy and RDP: I would like to use for example rdp1.mydomain.de connect to 172.30.30.101 rdp2.mydomain.de to 172.30.30.102 rdp3.mydomain.de to 172.30.30.103 I guess, all these host names are mapped to a single public IP. Then how do you think, they could be differed in the RDP protocol? When I switch to Type=tcp rdp works but i can´t use the rule "hosts matches" or "host contains" Yeah. The host... ACLs target to the host header, which is part of HTTP. Hence it is only available in an HTTP frontend, which is capable to read the header information. is there any way to get this working ? You shouldn't do a naked RDP connection over the internet anyway. So consider to set up a VPN server and go over the VPN, so there is no need use a single IP for multiple RDP servers.
  • F

    PDO library for postgres not found pdo_pgsql

    1
    0 Votes
    1 Posts
    272 Views
    No one has replied
  • A

    Package Manager wont load Available Packages

    11
    0 Votes
    11 Posts
    7k Views
    M
    Suddenly "Available Packages" appeared. Nothing changed here. Miracle???
  • D

    PFSense 2.6.0: ld-elf.so.1: /lib/libc.so.7: version FBSD_1.7 required by /usr/local/sbin/pkg not found

    9
    0 Votes
    9 Posts
    12k Views
    astroslugA
    Just adding my experiences onto this issue. TLDR; can confirm that the proposed method worked for me. I was seeing not only this issue, but also "Unable to check for updates" in all update-related sections of the Web UI. My update branch was pointing at 2.7.0-RELEASE, but my system was reporting 2.6.0 and the whole system seemed mildly hosed despite still functioning. After following the recommendations here by pointing the branch to 2.6.0-RELEASE, then connecting via SSH to bootstrap the package system, I had this: /root: pkg bootstrap -f The package management tool is not yet installed on your system. Do you want to fetch and install it now? [y/N]: y Bootstrapping pkg from pkg+https://pkg.pfsense.org/pfSense_v2_6_0_amd64-pfSense_v2_6_0, please wait... Verifying signature with trusted certificate pkg.pfsense.org.20160406... done pkg-static: warning: database version 36 is newer than libpkg(3) version 35, but still compatible Installing pkg-1.17.5_4... package pkg is already installed, forced install Extracting pkg-1.17.5_4: 100% Following that, I tried to run an update via the Web UI, but it said the system is up to date. The branch was now pointing at 2.6.0-DEPRECATED or something like that. I switched the branch back to 2.7.0-RELEASE, and checked for updates via the Web UI again. This time, it looked correct and listed 2.7.0 as an upgrade path. I then carried out a full update. After a nerve-racking 5-minute reboot, pfSense came back online and appears to be operating correctly.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.