Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmatt
    @johnpoz said in Please help to configure HAProxy to serve certificate on internal LAN too: Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or at least something different than the public domain you're using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud. This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARA
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypage
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmatt
    @netboy said in is something wrong with pfBlockerNG?: After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far i have no issues. Terrible idea. Moving backwards in development history there.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypage
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    652 Posts
    M
    @elvisimprsntr Great in theory, not in practice. I'm the same, but there are unforeseen events. Power outages, crashes, etc. And yes, I'm running a UPS.
  • Discussions about WireGuard

    715 Topics
    4k Posts
    S
    @LaUs3r Yeah, I added those IPs, but after restarting pfSense, the WireGuard status says “handshake failed.” Also, when I do nslookup us-bos.prod.surfshark.com, I get two different sets of IPs. For example: • The first time I get 43.225.189.108 and 43.225.189.118 • The next time I get 149.40.50.216 and 149.40.50.290 So I was wondering can I add both sets of IPs, and put a “0” at the end of each, and use /24 for both IPs? I reached out to Surfshark support, and they sent me their official pfSense WireGuard setup guide see the guide here in the guide they mention 10.14.0.2 for static routes
  • Lcdproc is not working anymore after the last Upgrade to 2.2

    2
    0 Votes
    2 Posts
    679 Views
    J
    The system logs indicate: php: lcdproc: Failed to connect to LCDd process Operation timed out (60) Any clues?
  • NTOP question

    2
    0 Votes
    2 Posts
    713 Views
    jimp
    Use ntopng rather than ntop. Its main screen focuses on immediate/current traffic usage.
  • Bacula version compatibility issue

    4
    0 Votes
    4 Posts
    3k Views
    jimp
    That should be possible in theory. The FreeBSD ports tree has both available still, sysutils/bacula-client is 7.0.5, sysutils/bacula5-client is 5.2.12
  • Squid Proxy with HTTPS Inspection downgrades SSL/TLS Ciphers

    3
    0 Votes
    3 Posts
    2k Views
    L
    @marcelloc: You mean client to squid cipher or squid to web server? I meant both connections. AFAIK sslproxy_cipher is for Squid <-> web server, and https_port is for Squid <-> web client. It doesn't hurt to keep both connections with strong SSL/TLS modes.
  • Ldap group Search filter for users in other OU's

    1
    0 Votes
    1 Posts
    678 Views
    No one has replied
  • 0 Votes
    33 Posts
    20k Views
    E
    Have you restarted the firewall?
  • Snort keeps blocking my WAN

    6
    0 Votes
    6 Posts
    1k Views
    bmeeks
    It should not be blocking your WAN IP unless Snort is not getting restarted when your WAN IP changes.  Remember that Snort only reads the Pass List contents once at startup.  It stores the contents in a memory array and refers to that array when getting ready to block an IP.  If the IP is in the memory list, it is not blocked.  If it's not in the memory list, it is blocked.  But this memory list is only created at startup and is not updated again until Snort restarts. The BOTH selection should be fine.  You can change it if you wish, but depending on the direction of traffic, it may not help with your blocking problem.  I think that issue is caused by Snort not recognizing your WAN IP updated. If your WAN IP changes and Snort does not restart, you can get a block.  You should see some system log entries when your WAN IP changes.  Look for a line near the IP change message that says "…restarting packages...".  If you don't see that line, and your IP changed, that's going to be the problem.  You would next need to determine why the packages did not restart.  Have you applied any manual patches to pfSense itself? Bill
  • How to backup configuration in readable text?

    5
    0 Votes
    5 Posts
    1k Views
    jimp
    ^ These things. If you have a good editor, it may already have base64 en/decoding built in. I use UltraEdit. All I have to do is select some text and use Edit > Decode base64. Notepad++ has Plugins > MIME Tools > Base64 Decode. There are scripts for Kate, and probably many other editors out there.
  • [Solved] Issue installing squid and squid guard

    12
    0 Votes
    12 Posts
    4k Views
    KOM
    I've seen this behaviour before as well.  It's almost as if there are some operations in the package being done out of order, such as copying a library file to a dir that doesn't exist and then later creating that dir.  Fails on first install because the dir wasn't there, but succeeds on second try because the dir got created at the end of the first failed install.
  • Custom SquidGuard Error Pages Redux

    5
    0 Votes
    5 Posts
    2k Views
    KOM
    I haven't tried that.  The problem with editing the local file is that any changes will be blown away during an upgrade.  The posts I linked to suggested just including the function in an external file so that you only had to add the include statement to the updated sgerror.php.  I know I should move the KOMerr.php out of /usr/local/www but I wanted to get it working at a basic level first.
  • Snort GUI misleading v- 2.2

    3
    0 Votes
    3 Posts
    1k Views
    C
    Thanks that worked perfectly. cjb
  • Testing snort alerts

    2
    0 Votes
    2 Posts
    955 Views
    bmeeks
    @tsolrm: What sort of things would cause snort to throw an alert? I am trying to test its functionality so I need a few test cases that would prove that it works. Thank you Enable the Emerging Threats scan rules category, then scan the firewall (on the interface where Snort is running) from a host running nmap.  That should generate some alerts for MySQL probes, VNC probes and a handful of others. Bill
  • 0 Votes
    3 Posts
    797 Views
    P
    @marcelloc: As you're forwarding it via firewall nat/rules, just create a no nat rule before with your client ips. Thank you, Marcello! So, if I understand correctly, I create a rule that instead of forwarding the client's IP outgoing traffic from port 80 to port 8080 on the LAN interface (like I have with DansGuardian), I create a rule to forward port 80 outgoing traffic on the LAN interface to port 3128? So even if the proxy is set to bypass traffic from that IP in transparent mode, it will still force HTTP to be proxied, and HTTPS to be bypassed?
  • Snort suppress list not working ?

    5
    0 Votes
    5 Posts
    2k Views
    bmeeks
    @godtor: Solved, i was missing the "Choose a suppression or filtering file if desired" option.. my bad sry :) And after choosing that file and saving the change, remember to restart Snort on that interface. Bill
  • Strange snort's portscan detection

    2
    0 Votes
    2 Posts
    2k Views
    BBcan177
    Snort puts the interface in promiscuous mode so it's seeing any traffic on the selected interface.
  • 2.2 update(amd64) UnboundDNS package missing from package list

    2
    0 Votes
    2 Posts
    499 Views
    BBcan177
    In 2.2, Unbound is part of the base pfSense software. Look in the GUI menu for "DNS Resolver".
  • 2.2 Update Woes - Squid/Squidguard/vnstat

    10
    0 Votes
    10 Posts
    3k Views
    C
    try squidguard-dev instead of squidguard3 there is an issue with the libs after reboot but search for my post on how to correct it if you still need squidguard
  • Installation of haproxy-devel

    3
    0 Votes
    3 Posts
    1k Views
    marcelloc
    pbi is the FreeBSD port part of the package. You will need all package gui config files to be downloaded and manual edit of config.xml to include menu and execute install script that most packages have. gui files are under github https://github.com/pfsense/pfsense-packages/tree/master/config I suggest creating a local repo instead of manual package install.
  • [Solved] NUT not working with 2.2 RC (amd64)

    3
    0 Votes
    3 Posts
    1k Views
    W
    Well, I've figured this one out… I was doing a full reinstall of 2.2 (to cope with my architecture switch problem), with a complete config.xml on a USB drive. An ingenious way to do it and it works like a charm. However with a full install with config.xml on USB, none of the packages are reinstalled. Installing NUT manually afterwards creates the problem with it not starting. Removing and reinstalling the package does not help, NUT still won't start. However, after the full install I forced an upgrade with the same version, 2.2 Release AMD64, from an update image. This time the packages are reinstalled properly and NUT works perfectly again, with the old settings present in config.xml, without doing anything. This process triggered a battery calibration on my SmartUPS 1400 over serial that I cannot explain, but that is another issue. It works now.
  • MOVED: ipsec 2.2 - loss of fragmented packets

    Locked
    1
    0 Votes
    1 Posts
    437 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.