Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too:
      Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or at least something different than the public domain you're using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud.
    This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    tinfoilmattT
    Here. I think. Referenced as "github.com: vendor-provided URL vendor-advisory" in your link.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example:
      /usr/sbin/chown -R nobody:nobody /var/db/ntopng
    However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @netboy said in is something wrong with pfBlockerNG?:
      After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far I have no issues.
    Terrible idea. Moving backwards in development history there.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low:
      If I remove ignorelb directive, my UPS shuts down after 16 seconds
    This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. When the acme-webgui times out, the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky, still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    648 Posts
    C
    @mightykong Yes, my system also requires a restart after reboot, and what has worked for me is:
      service tailscaled stop && tailscale logout || true && service tailscaled start && tailscale up
    What has worked for updates included a [sysrc tailscaled_enable="YES"] that is supposed to handle tailscale restart after reboot, but it has not worked for me. I am looking into it, and others will be as well. In the meantime, this is my update one-liner command line:
      service tailscaled stop && tailscale logout || true && fetch https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6.pkg || exit 1 && IGNORE_OSVERSION=yes pkg-static add -f tailscale-1.90.6.pkg && rm -f tailscale-1.90.6.pkg && service tailscaled start && tailscale up
    Options: add && tailscale version && tailscale status to automate a first check; and, the "rm -f tailscale-1.90.6.pkg" is not needed, but once I saw the suggestion, I decided to keep it.
  • Discussions about WireGuard

    715 Topics
    4k Posts
    A
    Hi everyone, This is a noob question but already tried multiple and I hope someone can help with this. I have a Wireguard Tunnel configured and handshake is successfully performed and I can ping the server from the laptop but can't do it otherwise. Already deactivated the NAT feature and all the rules and no luck. Pfsense and this server are located in a Proxmox Server, laptop is a local. Any ideas? Thank you.
  • SquidGuard ACL

    3
    0 Votes
    3 Posts
    939 Views
    M
    You get a happy face karma for your efforts.  Thanks.  8)
  • Squid and Firewall Rules - FailOver(Help)

    1
    0 Votes
    1 Posts
    488 Views
    No one has replied
  • Snort Reinstall Failure!

    4
    0 Votes
    4 Posts
    1k Views
    bmeeksB
    @pfff:
      Hi Thank you so much Bill for all your great work on Snort and Suricata! I ran into a problem 1-2 months ago with Snort before I switched to Suricata and just never found the time to report it. I was updating Snort and the installation script proceeded as usual to remove the old package but then my internet connection failed and the new package couldn't be downloaded and the installation aborted leaving me with no Snort at all. Perhaps it would be better to download the package first and only then proceed with the actual installation. I'm not sure if this issue is still present or related to the above post because I can't see the screenshot but I thought I'd report it. Suricata is working great, thanks again.
    The process for downloading and installing packages is handled by the pfSense core code. The packages themselves have no control over that. There have been suggestions for improvements in this area posted on the pfSense Redmine Bug Tracking site. One of those suggestions was to first download and verify the new package before removing the old one.
    Bill
  • Blinkled stops working since upgrading to 2.1

    5
    0 Votes
    5 Posts
    1k Views
    N
    Hi, Has anyone found a fix for the problem? I have pfsense 2.1.5-Release with Blinkled 0.4.3. It installed without problems and ran for a few days before LED 2 or 3 stopped working or blinked continuously for no reason. I need to reboot the unit or go to the Blinkled interface page and click "Save" to get it working again. This will fail again in a few days time.
  • Varnish on NanoBSD pfSense

    2
    0 Votes
    2 Posts
    578 Views
    N
    No one can answer this simple question? :-[
  • Snort not working

    5
    0 Votes
    5 Posts
    2k Views
    L
    @laptopdude90:
      Snort is only detecting http_inspect. It's always 'http_inspect: UNKNOWN METHOD' or 'http_inspect: NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE'. I've tried using IDSWakeup, which didn't trigger anything. I also tried an online port scanner, which didn't trigger anything. I have set snort up listening on the WAN port. I should probably note that my ISP requires me to set up a virtual WAN port on VLAN 35, and that is what snort is listening on. Screenshots: http://imgur.com/a/BtYoq Yes, I have updated the rules, and I have restarted Snort.
    @bmeeks:
      Those are very common false positives. Did you read the threads here in the Packages sub-forum about generating a Suppress List so that the known false positives don't trigger? Search this forum for threads about Suppress List generation. Do you have blocking enabled on your interfaces? You set this on the INTERFACE settings tab.
      Bill
    @laptopdude90:
      The problem isn't the false positives, it's the fact that they're the only things that trigger. What do you mean about this blocking interfaces thing? Where do I find it?
    @bmeeks:
      1. From the pfSense menu, choose Services…Snort.
      2. When the Snort tabs appear, either double-click on a selected interface or click the "e" icon to edit that interface.
      3. The action in #2 above will open a new set of tabs for that specific interface's configuration. On the SETTINGS tab you will find checkboxes for enabling the blocking of offenders.
      You can see what blocks have been put in place by clicking the BLOCKED tab. Where do you have Snort configured? Is it on the WAN interface or another one? And how specifically did you run the IDSWakeup test? Did you run that from a remote machine and target the firewall interface where Snort was running? Depending on where you browse to and the amount of traffic on your network, it is quite common to have few Snort alerts. For instance, on my home LAN where Snort is configured on the WAN and LAN, I get maybe one LAN alert per week because there is just me and my wife surfing and we have only a few favorite sites we visit. On the WAN side I get a number of alerts per hour from some IP blacklists using the IP REPUTATION preprocessor.
      Bill
    Blocking is turned off. Snort is configured on the WAN interface. I ran the test from my father's network on my linux laptop, directed toward my IP.
  • Squid3-dev SSL MITM Proxy Mode Not Working

    1
    0 Votes
    1 Posts
    875 Views
    No one has replied
  • Cron Package - Add label to scheduled command?

    1
    0 Votes
    1 Posts
    551 Views
    No one has replied
  • How do I get squid to work with OpenVPN clients

    1
    0 Votes
    1 Posts
    808 Views
    No one has replied
  • Slow speed on "some?" pages. SQUID

    3
    0 Votes
    3 Posts
    1k Views
    R
    Hi, thanks for your reply. I changed "Memory cache size" from 8 to 512, and after that it started loading pages at exceptional speed, then changed it back to 8 just to test and it kept loading the page fast. Weird behavior since I have the "Hard disk cache system" set to null this whole time. Anyway it's working fine and I have no idea why  :-X :-\ Thanks for the help.
  • FreeRadius 2.X & OTP Authentication

    4
    0 Votes
    4 Posts
    2k Views
    R
    Sorry, I can't remember what I've done to make it work. It was a very stupid misconfiguration…  Can you show me your configuration? I will tell you what's different from mine.
  • Add packages to pfs 2.1.5?

    4
    0 Votes
    4 Posts
    1k Views
    BBcan177B
    You should probably use the 8.3 link instead for future pkg adds. When you install a pkg, you might need to run the following command (your reboot also fixed it) after you install the pkg for the pkg to be accessible.
      rehash
  • Bacula-client service fails to start on boot

    4
    0 Votes
    4 Posts
    3k Views
    D
    My fix:
      mkdir /usr/local/bacula/
      chown bacula:bacula /usr/local/bacula
    Run vipw from the command line and adjust the home directory for bacula to be the above mentioned directory.
    That is insufficient to get the correct WorkingDirectory value in bacula-fd.conf file. The path, /var/db/bacula is hardcoded at https://packages.pfsense.org/packages/config/bacula-client/bacula-client.inc
    Is that the problem? I believe so. If I edit /usr/local/pkg/bacula-client.inc and put the new path in there, the correct configuration is saved.
    In addition, all instances of
      BACULA_LOCALBASE . /etc/bacula-fd.conf
    in /usr/local/pkg/bacula-client.inc needs to be
      BACULA_LOCALBASE . /etc/bacula/bacula-fd.conf
    NOW it runs:
      [2.1.5-RELEASE][admin@pfsense.unixathome.org]/cf(110): ps auwx | grep bacula
      root    6659  0.0  0.3 28864  5756  ??  Is  12:56PM  0:00.00 /usr/pbi/bacula-amd64/sbin/bacula-fd -u root -g wheel -v -c /usr/pbi/bacula-amd64/etc/bacula/bacula-fd.conf
      root    9672  0.0  0.1  6088  1400  1  R+  12:56PM  0:00.00 grep bacula
    In addition, the code seems to append -dir to the Director Name via pkg_edit.php?xml=bacula-client.xml&act=edit&id=0
    Hope this helps to fix this bug.
  • Snort 2.9.6.2 update 3.1.2 stopped working

    18
    0 Votes
    18 Posts
    2k Views
    G
    Hi, I don't know how, but it took a while, now it is working fine as I had it before. Solved!
  • New package submitted for OSSEC server

    8
    0 Votes
    8 Posts
    5k Views
    E
    Hello all, that's good news. I'm waiting to test this package. Where can I download it?
  • Youtube Dyanamic and Update Caching breaks caching

    1
    0 Votes
    1 Posts
    810 Views
    No one has replied
  • [help] lightsquid package in pfsense error in running

    8
    0 Votes
    8 Posts
    2k Views
    A
    Hi, Thanks for the answer, but it does not solve my problem… I don't want to use sarg report, or maybe I will try it later, but for now I'm looking for a solution to this error. Thanks a lot...
  • Snort not holding settings

    7
    0 Votes
    7 Posts
    1k Views
    BBcan177B
    @wbennett77:
      Thanks BBcan177, One last question re snort. If I have the IPS policy set to Connectivity or Balanced and "Block Offenders" disabled does that make Snort just a logger or is it still protecting against the IPS policy chosen? Thanks!
    You have to enable "Blocking" for it to actually Protect your network, or it's just going to Alert only. I suggest "Block Offenders", "Kill States" and "Block Both"
  • Snort 2.9.6.2 pkg v3.1.2 Update – Release Notes

    21
    0 Votes
    21 Posts
    3k Views
    A
    As an update… thanks for the replies guys.  I finished the HA cluster upgrade from 2.0.3 to 2.1.5 this morning (everything went perfectly).  I definitely didn't want to customize the installation by trying to get snort to work on 2.0.3.
  • Pfsense 2.1.5 haproxy-devel install issue + fix

    4
    0 Votes
    4 Posts
    1k Views
    P
    Hi pjkenned, Thanks. I never thought a config that small (basically nothing configured yet, no frontends / no backends) would cause such a big problem (php process 'crashes' in the background).. Even though while when haproxy configuration is completely absent there apparently is no problem.. Send a pull-request https://github.com/pfsense/pfsense-packages/pull/720 to fix this issue. It will probably get pulled later today. Thanks for reporting the issue & providing the info required to fix it. Kind regards PiBa-NL
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.