1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    H
    We installed haproxy on Netgate 8200 device 25.07.1-RELEASE (amd64) installed acme certificates and get certificate from letsencrypt, everything ok. checked ssl offload in frontend and selected the acme generated certificate under SSL Offloading. result after Apply Changes: Errors found while starting haproxy [NOTICE] (72045) : haproxy version is 2.9.14-7c591d5 [NOTICE] (72045) : path to executable is /usr/local/sbin/haproxy [ALERT] (72045) : config : Couldn't open the ca-file '/var/etc/haproxy_test/clientca_WAN_117.pem' (No such file or directory). [ALERT] (72045) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:15] : 'bind x.x.x.x:443' in section 'frontend' : 'ca-file' : unable to load /var/etc/haproxy_test/clientca_WAN_117.pem [ALERT] (72045) : config : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg [ALERT] (72045) : config : Fatal errors found in configuration. also package _devel has the same issue. on other boxes where haproxy was configured on 24.11 - upgraded to 25.07.1 its working. BUG ?? so what can we do now -bolded text we need this function. thank you all in advance

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    D
    @Gertjan Thanks a lot for your help. This really helped me: I'm not using "pfSense pfBlocker Web server logging" (DNSBL Webserver/VIP ) as the "you are blocked web page" only shows up when the end browser user visits http sites, something that doesn't exist anymore on the Internet. All sites are https these days, and https sites can be redirected to "another https web server" like the "pfSense pfBlocker Web server". With that hint I was able to resolve my issue by: Unchecking the Python Group Policy Enable checkbox for the DNSBL Webserver Configuration on the DNSBL tab in pfblockerng. Checking the Permit Firewall Rules Enable checkbox and selecting the appropriate interfaces for the DNSBL Configuration on the DNSBL tab in pfblockerng. Forced Update | All. It now appears that all the blocked domains are appearing on the Alerts tab in pfblockerng. I couldn't find that host name in the "/var/db/pfblockerng/dnsbl/Max_MS.txt" file - where does your "/var/db/pfblockerng/dnsbl/Crazy_Max_Extra.txt:" come from ? I get that DNSBL, and 2 others, from the original maintainer (https://github.com/crazy-max/WindowsSpyBlocker): https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt. I really appreciate your help!

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    92 Topics
    639 Posts
    E
    Updated CE 2.8.1 to 1.90.4. Looks like they are already working on .6 Freshports pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.4.pkg Changelog

  • Discussions about WireGuard

    712 Topics
    4k Posts
    D
    @chpalmer okay so here is the update. I was able to get all my wireguard servers handshaking, my two personal tunnels and my one nord. I have full access to to my lan with my personal tunnels but I now dont have nord routing any traffic through its tunnel. I try to make a lan rule route one ip through nord and make one NAT rule and nothing. I lose internet on my one ip when I try and make a rule to use the nordvpn gateway
Log in to post
Load new posts
  • E

    Problem with site with squid -3 development

    4
    0 Votes
    4 Posts
    1k Views
    T
    Maybe a "proxy.pac" file or "wpad.dat" would be an option. (create one in the usr/local/www folder and make a symb-link for the other) There are topics on how to serve this pac-file via extra http-service on port 80 in combination with DHCP and have the pfsense GUI run on https. How successful it will be that depends on how you roll out DCHP (additional option 252, text, location of proxy.pac) and if users are allowed to change their internet settings regarding proxy settings. You filter https or facebook requests to be redirected to a "denied page". Example "proxy.pac" function FindProxyForURL(url, host) {   url = url.toLowerCase();   host = host.toLowerCase();   isHttp = (url.substring(0,5) == "http:");   isHttps = (url.substring(0,6) == "https:") // If the requested website is hosted within the internal network, send direct.     if (isPlainHostName(host) ||           shExpMatch(host, "*.home") ||           shExpMatch(host, "*.local") ||           isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||           isInNet(dnsResolve(host), "172.16.0.0",  "255.240.0.0") ||           isInNet(dnsResolve(host), "192.168.0.0",  "255.255.0.0") ||           isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0")) { return "DIRECT"; } // Forward non-http(s) and some hosts to forward proxy (or DIRECT (or access denied page?)) if((!isHttp && !isHttps) // Skip all non http(s)   || dnsDomainIs(host, "microsoft.com")   || dnsDomainIs(host, "windowsupdate.com")   || dnsDomainIs(host, "eset.com")   || dnsDomainIs(host, "mcafee.com") // McAfee   || dnsDomainIs(host, "siteadvisor.com") // McAfee   || dnsDomainIs(host, "hackerwatch.com") // McAfee   || dnsDomainIs(host, "hackerwatch.org") // McAfee   || dnsDomainIs(host, "avg.com")   || dnsDomainIs(host, "grisoft.cz")   || dnsDomainIs(host, "avgfree.com")   || dnsDomainIs(host, "avg.cz")   || dnsDomainIs(host, "symantecliveupdate.com")   || dnsDomainIs(host, "thawte.com")) { return "DIRECT"; } if (isHttps)   // Skip HTTPS (or return access denied page?) { return "DIRECT"; } // Otherwise, go through our proxy or if it fails, through bypass return "PROXY 192.168.0.1:3128; DIRECT"; } Or you could try a squidguard filter with a redirect page, maybe add a "proxy-list" and "VPN-service-list" to the block list there so users won't be able to use or search for anonimous-proxy or VPN's to circumvent the restrictions.
  • X

    Blinkled memory leak? (Alix platform)

    3
    0 Votes
    3 Posts
    1k Views
    X
    I think I've found a semi-reliable way to reproduce the leak. But as this is an alix2d3 with 256mb box running extra stuff pushes it's memory limits tight. If the interface goes away, the following code to never hit the cleanup path (can't find the source on the git repos, so from that post linked in the first post.):   for(ifp = TAILQ_FIRST(&ifh); ifp; ifp = TAILQ_NEXT(&ifc, if_list))   {       n = kvm_read(kd, (u_long)ifp, &ifc, sizeof(ifc));       if(n<0)       {         fprintf(stderr, "Error: kvm_read(element): %s\n", kvm_geterr(kd));         kvm_close(kd);         return -1;       }       if(strcmp(ifname, ifc.if_xname) == 0)       {         data->opackets = ifc.if_data.ifi_opackets;         data->ipackets = ifc.if_data.ifi_ipackets;         data->obytes = ifc.if_data.ifi_obytes;         data->ibytes = ifc.if_data.ifi_ibytes;         data->baudrate = ifc.if_data.ifi_baudrate;         kvm_close(kd);         return 0;       }   } } Note; there is no kvm_close(kd) if the interface isn't matched. I guess the package isn't being restarted in some conditions when the interface derps.
  • M

    Postfix - read only filesystem?

    2
    0 Votes
    2 Posts
    909 Views
    P
    pfSense recreates everything at boot time from data in its own config.xml - which is where all the GUI settings are saved. If you change any package conf file from the command line, the change will be lost when you reboot, or some other event happens that makes pfSense restart all the packages. You have to find a way to do your settings using the GUI provided with the package.
  • R

    Unbound package re-installation fails

    4
    0 Votes
    4 Posts
    1k Views
    W
    Nope that is an entirely different problem
  • G

    Unbound failing to install on 2.1.1 march 3

    4
    0 Votes
    4 Posts
    1k Views
    W
    A mistake on my part apologies on that - but fixed.
  • S

    PROBLEM: Unistall squid using console command

    3
    0 Votes
    3 Posts
    2k Views
    S
    Hi, I still haven't found a solution to the problem. I can't Uninstall squid using console but I can Uninstall it using web gui. I need to Uninstall it using console. Someone Can help me to find a solution. Thanks
  • B

    Vnstat2 Package Updated - Report/Feedback problems here.

    39
    0 Votes
    39 Posts
    8k Views
    B
    @petzi: @bryan.paradis: So you have received just one email from cron complaining that vnstat couldn`t create backups? Is it possible that the dyndns set the filesystem back to Read only after the vnstat script set it to read write and so it failed? This script gets run every minute by cron so I guess this may be possible that the timing just aligned perfectly. I've no idea. Probably mounting rw/ro isn't logged. If it happened only once? It must have been the fluke lining up of filesystem getting switched back after the rw call was made by the script.
  • D

    HAVP and PfBlocker - Malfunction ? Else ?

    1
    0 Votes
    1 Posts
    757 Views
    No one has replied
  • bmeeksB

    NEW – Suricata 1.4.6 pkg v0.1 BETA package released

    36
    0 Votes
    36 Posts
    8k Views
    bmeeksB
    @JWTrance: Thanks for the new Suri package, been looking forward to this for a bit. :) Feel free to disregard, but I was wondering how hard it would be to implement an options tab similar to the oldschool Snort IDSControl Center (see example) [image: snortoptions.jpg] I like the idea of being able to quick select options for a custom starting command line and then being able to save that Suri/Snort profile for later use. Be on the lookout for a substantial update to the Suricata package to be posted sometime over the next few days. I will be submitting the Pull Request shortly.  This will be version v0.2-BETA of the package.  There are lots of bug fixes and some other enhancements (such as an included Dashboard Widget, better rule update management and logging, and a Bro output option for Barnyard2). As for some control over command-line options, that is certainly possible.  Right now a fair number of parameters are configurable in the GUI and then provided to the Suricata binary via the suricata.yaml conf file.  Are there some Suricata-specific command-line options you need that are not available in the GUI?  If so, post a list and I will see what I can do. Bill
  • U

    HAVP antivirus wont start;

    2
    0 Votes
    2 Posts
    1k Views
    U
    Bump? Really want to have this working, It worked before hand on my netbook setup, but not now ? :(
  • D

    Unbound denies queries from IPsec clients…

    6
    0 Votes
    6 Posts
    1k Views
    W
    yeah and the other vpns.
  • O

    Detection Ultrasurf's traffic

    3
    0 Votes
    3 Posts
    2k Views
    D
    dont work! I think I have the wrong or your system dosent work I've addes my screenshoots. [image: snort_log1.jpg] [image: snort_log1.jpg_thumb] [image: snort_log2.jpg] [image: snort_log2.jpg_thumb]
  • ?

    HAVP service doesn't start

    16
    0 Votes
    16 Posts
    8k Views
    ?
    It works now in standard and parent mode. my problem was slow download process at update time.
  • B

    Reverse Proxy Using Squid

    1
    0 Votes
    1 Posts
    797 Views
    No one has replied
  • L

    Squid 3.4?

    1
    0 Votes
    1 Posts
    853 Views
    No one has replied
  • S

    Squid 3.3.10 error

    5
    0 Votes
    5 Posts
    1k Views
    B
    https://forum.pfsense.org/index.php?action=post;quote=398495;topic=43687.270 @serialdie: Under –- System ----- User Manager Add the user clamav. Worked for me.
  • B

    Voip server in ALIX

    1
    0 Votes
    1 Posts
    632 Views
    No one has replied
  • B

    Need to update file on http://files.pfsense.org (vnstat2 php front end)

    27
    0 Votes
    27 Posts
    7k Views
    A
    woo hoo! thanks!
  • W

    Unable to communicate to the pfsense package server

    4
    0 Votes
    4 Posts
    2k Views
    B
    Did you have it set to GW on your LAN? Or Like was your interface setup?
  • D

    Tftp not working (clean install of pfsense)

    2
    0 Votes
    2 Posts
    1k Views
    D
    After further review of older threads I noticed that tftpd was listening on 127.0.0.1  I added an internal UDP portforward to 69 and everything works now.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.