Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    We installed haproxy on a Netgate 8200 device, 25.07.1-RELEASE (amd64), installed acme certificates and got a certificate from letsencrypt, everything ok. Checked SSL offload in the frontend and selected the acme-generated certificate under SSL Offloading. Result after Apply Changes:
    Errors found while starting haproxy
    [NOTICE] (72045) : haproxy version is 2.9.14-7c591d5
    [NOTICE] (72045) : path to executable is /usr/local/sbin/haproxy
    [ALERT] (72045) : config : Couldn't open the ca-file '/var/etc/haproxy_test/clientca_WAN_117.pem' (No such file or directory).
    [ALERT] (72045) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:15] : 'bind x.x.x.x:443' in section 'frontend' : 'ca-file' : unable to load /var/etc/haproxy_test/clientca_WAN_117.pem
    [ALERT] (72045) : config : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg
    [ALERT] (72045) : config : Fatal errors found in configuration.
    Also package _devel has the same issue. On other boxes where haproxy was configured on 24.11 and upgraded to 25.07.1 it's working. BUG?? So what can we do now? We need this function. Thank you all in advance.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    @Greyhat I think it's useful to work with what we've got and figure something out for the (I hope) edge cases later. So for the JSON I figured you can actually use an existing suricata integration by co-opting their pipelines.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypage
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmatt
    @dma_pf Debt collector, or debt relief service?
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypage
    @netboy said in Docker container for nut server?: "I am NOT installing docker in pfsense - of course this is a big security risk - I agree !!!" My apologies. I interpreted your earlier question "I think I need to explain what I am asking for. I am fully aware if your netgate router is attached to an UPS you can configure netgate. Let us say you have 5 UPS's in your home and you want nut server to read all the UPS's and show me a dashboard about the status of all the UPS's? - Is there a ready made docker container for client server nut with dashboard functionality?" as a request to have something running on pfSense, which is why I responded "I believe most people would say that the type of thing you are asking for isn't something you want to run on your firewall. I recommend using a general purpose operating system behind the firewall instead." Mutual misunderstanding I guess. If you want to explore general NUT monitoring, and not something particular to pfSense, I would recommend the NUT Users list as a better place to seek information.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt TXT DNS record update propagate. During these 5 minutes the acme webgui times out. When the acme webgui times out the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web GUI? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    This one has been tricky still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    92 Topics
    638 Posts
    @Vad-B Interesting indeed! I just tried to fill the Pre-authentication Key with file:/dev/null. I get a crash in pfsense after some time, but when I log in again it is saved. For me, after service restarts at least, this solves it, including the issue with the routes not being advertised even when set in the WebUI. Haven't done a full restart of pfsense (yet).
  • Discussions about WireGuard

    712 Topics
    4k Posts
    I feel like I’ve followed every guide there was. I was able to get nordvpn via wireguard on my pfsense but for the life of me I can’t get my own wireguard server working. I can’t even get a handshake. I have all the firewall rules mentioned, the gateway, interfaces. Etc. I got no clue what to do at this point. Can anyone please help? I’ll provide any information required I just don’t even know where to start I’ve tried every YouTube video possible and guide it’s strange. I was able to get nordvpn working but I can’t get my own.
  • Snort stupid question: whitelists and Suppress lists.

    29
    0 Votes
    29 Posts
    29k Views
    panz
    OK!  :)
  • /etc/squid/squid.conf

    1
    0 Votes
    1 Posts
    682 Views
    No one has replied
  • Offline package repository

    4
    0 Votes
    4 Posts
    1k Views
    @Moosecall: I followed the steps listed in the wiki, it breaks at step 3 running the second php test script.  I am only following the steps for 2.0 setup as the firewalls that will be using it are 2.1.  I did try having a firewall pull from it but as expected no joy. The server is a fresh install of Ubuntu 12.04 lts server, that is doing nothing else.  I installed apache, git and php. You sure the git clones were successful?
  • Squid3 looping issue

    1
    0 Votes
    1 Posts
    789 Views
    No one has replied
  • Squidguard - multiple users/groups

    2
    0 Votes
    2 Posts
    1k Views
    jimp
    They must be independent. It's more work but that is what is required. Each ACL must define the exact list of actions for each category.
  • Proxy on Alix ??

    6
    0 Votes
    6 Posts
    4k Views
    jimp
    It does work on ALIX, not for caching but for access control only (with squidGuard). Memory is the biggest drawback on those
  • PfBlocker different on 2 installs

    3
    0 Votes
    3 Posts
    922 Views
    In pfSense an interface without any rules is already blocking everything by default. pfBlocker is smart enough to understand this. If an interface (e.g. WAN) has no rules, then pfBlocker does not bother to add block rules. Maybe that is the difference between your WANs?
  • Squid3-dev 3.3.10 pkg 2.2.1 & transparent ssl

    8
    0 Votes
    8 Posts
    2k Views
    bellera
    I looked at squid.conf and it's using only error_default_language directive. I found only another squid directive for error pages: http://www.squid-cache.org/Doc/config/error_directory/ But it doesn't help to solve the problem that you told us. I think the only solution is to modify the files at /usr/local/etc/squid/errors/en/ (en, if you use English) and put a redirect code to an alternative URL. Example: This will show http://www.yourdomain.tld/access_denied.html to the user.
  • Squid is acting Strange

    4
    0 Votes
    4 Posts
    2k Views
    So Lightsquid is saying the file I am downloading is cached. But when I redownload the file I get no speed boost, and the file is coming from the internet. But Lightsquid is saying the file is 98% cached. Head-scratcher for me! ty
  • Squid3 cachemgr vs squid -k parse differ.

    1
    0 Votes
    1 Posts
    799 Views
    No one has replied
  • Using Squid/Squidguard as a whitelist proxy

    2
    0 Votes
    2 Posts
    906 Views
    jimp
    Yes, you can do that. If you're a Gold Subscriber we did a video presentation on Squid, Squidguard, and Lightsquid last Friday and it was mentioned how to set that up. It should be up for download soon. SquidGuard can be set to "deny" by default, add in your own whitelist on top of that and it does what you're wanting. Though it'll be more work than you might initially suspect.
  • OpenVPN Client Export Utility

    8
    0 Votes
    8 Posts
    2k Views
    I think Snort was causing this for some reason.  When I removed the package I was able to install the Export Client utility without trouble.
  • LightSquid Removing Traffic From Previous Days

    3
    0 Votes
    3 Posts
    1k Views
    Looks like the issue was with Squid. Setting my log rotation to blank instead of 28, LightSquid and Sarg are showing more than one day's worth of traffic.
  • Squid3-devel + squidGuard-squid3 - double https redirection

    5
    0 Votes
    5 Posts
    3k Views
    bellera
    @dvserg: But http://squid-web-proxy-cache.1019090.n4.nabble.com/Squidguard-redirect-and-https-td4662707.html The problem is not Squid nor HTTPS. The problem is that the HTTP protocol has a standard that allows redirection and the HTTPS protocol does not. The HTTPS protocol was designed to be secure and does not allow any type of interference. The link refers to squid2, without SSL interception possibility. I'm using squid3-devel package with SSL interception (SSL Bump, man-in-the middle based). It's intercepting SSL without any troubles. http://translate.google.com/translate?hl=en&sl=es&tl=en&u=http%3A%2F%2Fforum.pfsense.org%2Findex.php%3Ftopic%3D73007.msg402349%23msg402349 Google https pages with https links are also intercepted. But when I click the link the redirect page is not opened. However, opening the page in a new tab or window browser the redirect page appears. Curious! It's FireFox 27.0.1 fault? I just tried with Chromium 32.0.1700.107 and I've got the redirect page!
  • Add External Lookups to Diagnostics: DNS Lookup

    5
    0 Votes
    5 Posts
    2k Views
    BBcan177
    The following Lookups would benefit anyone with a Local Mail Server.
    Mail Server DNSRBL Lookups:
    SenderScore: https://senderscore.org/lookup.php?lookup=<?php echo $ipaddr; ?>&ipLookup=Go
    Spamhaus Blocklist: http://www.spamhaus.org/query/bl?ip=<?php echo $ipaddr; ?>
    SPAMcop Blocklist: http://www.spamcop.net/w3m?action=checkblock&ip=<?php echo $ipaddr; ?>
    multirbl RBL Lookup: http://multirbl.valli.org/lookup/<?php echo $ipaddr; ?>.html
    MXToolbox: http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a<?php echo $ipaddr; ?>&run=toolpage
  • Snort 2.9.5.6 v3.0.4 Block skype help?

    2
    0 Votes
    2 Posts
    1k Views
    BBcan177
    The Emerging Threats Rules have P2P rules. Snort doesn't have anything in that Category.
  • 0 Votes
    12 Posts
    2k Views
    If you use a file then it could be replicated across locations and you will always have a config file with you. Why not opt for both? Do as the core team wants and put an extra option in the GUI for creating a snort conf file.
  • SquidGuard bug ordering categories

    10
    0 Votes
    10 Posts
    3k Views
    bellera
    [SOLVED]
    1. Commented lines:
       #file_put_contents($conf_file, $conf);
       #file_put_contents(SQUID_LOCALBASE . '/etc/squid' . SQUIDGUARD_CONFIGFILE, $conf); # << squidGuard want config '/usr/local/etc/squid' by default
       https://github.com/pfsense/pfsense-packages/blob/master/config/squidGuard/squidguard_configurator.inc
    2. Modified pass line at:
       /usr/pbi/squid-i386/etc/squid/squidGuard.conf
       /usr/pbi/squidguard-squid3-i386/etc/squidGuard/squidGuard.conf
    3. [Apply] button to reconfigure squidGuard without writing a new squidGuard.conf
    In general I only need to modify my lists. So, the trick will work without troubles for me.
  • Exclude IP from HAVP

    2
    0 Votes
    2 Posts
    856 Views
    Try doing the following: Go to Services > Proxy Server > Access Control Then, in the Unrestricted IPs, type in the Roku's IP Address and test this out to see if it works. As for HAVP, under the HTTP Proxy tab, go to the whitelist and enter in *.netflix.com to exclude the site from scanning the site for viruses.
  • HAVP for pfSense 2.1

    6
    0 Votes
    6 Posts
    2k Views
    I too had a problem with pfS2.1-x64 with clamAV not starting and havp crashing. After reading other posts I tried using the command "freshclam" from the console and got a gid/uid error for the /var/db/clamav directory. I issued the command "chmod -R 0777 /var/db/clamav" and tried freshclam again with success. I then issued the command "service clamd start" with success. It has now been running for 4 hours. . . After posting this message I got to looking at the /var/db directory and noticed that most directories listed have a root:wheel ownership as opposed to clamav which has a havp:havp ownership. I hope this info might be of some help.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.