1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    johnpozJ

    @MacUsers

    https://help.zerossl.com/hc/en-us/articles/360060119933-Certificate-Revocation

    edit: oh you prob out of luck

    You can revoke any certificate issued via the ZeroSSL portal. Currently, certificates issued via ACME can not be revoked from inside the portal - please follow the instructions of your ACME client for revoking those certificates.

    the gui in pfsense does not have the ability to revoke - you prob have to move the certs to something you have certbot installed to and revoke that way.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
    link text

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

Log in to post
Load new posts
  • T

    How to secure owa & activesync exchange 2010/2013 w reverse proxy squid3 & more

    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • R

    Redirect page for SquidClamAV (squid3-dev) 404

    2
    0 Votes
    2 Posts
    2k Views
    C

    the location of the clwarn.gi file is under the pbi folder…correct yr path to get the result

  • G

    Squid3 transparent proxy breaking firewall rules

    1
    0 Votes
    1 Posts
    737 Views
    No one has replied
  • BBcan177B

    Snort blocking VPN traffic

    5
    0 Votes
    5 Posts
    6k Views
    BBcan177B

    Thanks Bill,

    The mobile clients are all dynamic so I will have to look at my logs and see what the address pool is before I can do that.

    Too bad snort can't automatically add the mobile vpn clients.

    Thanks

  • M

    Problem / Error with enabling Syslog-ng

    3
    0 Votes
    3 Posts
    4k Views
    M

    One extra note:

    After setting up everything as described earlier I see the following in the System Activity screen:
    So It seems when running syslog-ng as server it consumes some of your CPU resources.

  • H

    Where is Chudy?

    6
    0 Votes
    6 Posts
    2k Views
    C

    @hyundrax:

    chudy.0fees.net its online again..  ;D ;D

    That's unfortunate, it should go away forever. If you're using that, you're insane. You will break your system, you're using code that hasn't had any updates in over 3 years, and is hosted by a server that's continually hosting malware.
    https://forum.pfsense.org/index.php?topic=69295.msg405783#msg405783

  • X

    Pfsense 2.0rc3 with dualwan +lusca cache

    Locked
    5
    0 Votes
    5 Posts
    5k Views
    C

    Don't use that lusca package.
    https://forum.pfsense.org/index.php?topic=69295.msg405783#msg405783

  • O

    Package Lusca r14850: not working suddenly

    2
    0 Votes
    2 Posts
    2k Views
    C

    Your problem is running Lusca. Don't.
    https://forum.pfsense.org/index.php?topic=69295.msg405783#msg405783

  • G

    How to get LightSquid working for OpenVPN client traffic?

    2
    0 Votes
    2 Posts
    791 Views
    G

    Turns out all I had to do was bind Squid to my lan and specify my local cache managers.

  • G

    How to disable Squid3 service?

    5
    0 Votes
    5 Posts
    1k Views
    G

    That's the ticket, do not bind to any interface to disable Squid service. Need to hold the ctrl key to toggle select and de-select.

  • F

    Freeradius2 and SQlite backend

    2
    0 Votes
    2 Posts
    1k Views
    N

    Hi,

    you could run freeradius in debugging mode with radiusd -X and have a look what is missing when using sqlite. If you change any files manually then you must not do any changes on GUI because this could overwrite your changes.

    Updatung to freeradius3 will be probably not possible with the existing GUI. Freeradius3 is a complete new developement and the config is - as far as I know - not compatible with freeradius2.

  • T

    Squid has never worked

    5
    0 Votes
    5 Posts
    1k Views
    marcellocM

    https://forum.pfsense.org/index.php/topic,62256.0.html

    https://forum.pfsense.org/index.php?topic=66633.msg371406#msg371406

    @marcelloc:

    For amd64 you can use these cmd to fetch missing files

    fetch -o /usr/local/lib/libasn1.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libasn1.so.10 fetch -o /usr/local/lib/libgssapi.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libgssapi.so.10 fetch -o /usr/local/lib/libheimntlm.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libheimntlm.so.10 fetch -o /usr/local/lib/libhx509.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libhx509.so.10 fetch -o /usr/local/lib/libkrb5.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libkrb5.so.10 fetch -o /usr/local/lib/libroken.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libroken.so.10
  • N

    Snort[92758]: *** Caught Term-Signal (Snort GPL+VRT rules, OR ETOpen rules only)

    4
    0 Votes
    4 Posts
    3k Views
    bmeeksB

    @Nadrek:

    I only have one WAN; it's named "Main WAN" because I have hopes of setting up a secondary WAN connection in the future.

    Snort appeared to be started with all three rulesets - I'd noticed the failure before starting to set up some more VLANs.  Nonetheless, I double-checked the setting (as I do before every "upgrade" using the uninstall/reinstall technique), and then uninstalled and reinstalled.

    It definitely looks OK now, and blocking is fully functional; thank you very much for the very clear advice and for your time.

    Glad things are fixed for you… :)

  • C

    Multiple dansguardian instance

    16
    0 Votes
    16 Posts
    3k Views
    C

    Thanks marcelloc

  • C

    Zebedee or Stunnel Config and Questions

    4
    0 Votes
    4 Posts
    1k Views
    marcellocM

    IIRC,  package gui helps on server side but you can create a client config using filer package to establish connection from one pfsense(client) to server.

  • I

    Squid3 Reverse proxy multiple domains?

    6
    0 Votes
    6 Posts
    3k Views
    marcellocM

    Can you try it with squid3-dev package?

  • KOMK

    HAVP + Squid + SquidGuard = Slow??

    6
    0 Votes
    6 Posts
    3k Views
    O

    Hi,
    I made the changes in Dns Forwarders, but without any good results, the pages are still slow opening. Any advice ?
    Thank you

  • L

    Squid + Dansguardian issue

    33
    0 Votes
    33 Posts
    8k Views
    L

    Just thought I'd report back. I  did a wipe/rebuild and everything is working as expected.

  • ?

    Snort - VPN - P2P-ruleset

    2
    0 Votes
    2 Posts
    1k Views
    X

    Yep, happened to me. Well the vpn wasn't blocked because I have the remote host added to the $home_net, but it was triggering an alert.

    1:2003310 ET P2P Edonkey Publicize File

  • B

    Squid caching alternative

    2
    0 Votes
    2 Posts
    1k Views
    K

    If you install the "Proctor Caching" software you will see that it is just Squid for Windows repackaged with a web framework that provides a user interface for the online testing.

    Once you install the Proctor Caching software you could edit the conf file:

    C:\ProctorCache\squid\etc\squid.conf

    And point it to your pfsense box IP address and port.

    Stop and Start via the .BAT files and you should be good.

    This way you can still use their software and your pfsense box together. You will be caching on two levels though.

    Hope this helps.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.