1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    H
    We installed haproxy on Netgate 8200 device 25.07.1-RELEASE (amd64) installed acme certificates and get certificate from letsencrypt, everything ok. checked ssl offload in frontend and selected the acme generated certificate under SSL Offloading. result after Apply Changes: Errors found while starting haproxy [NOTICE] (72045) : haproxy version is 2.9.14-7c591d5 [NOTICE] (72045) : path to executable is /usr/local/sbin/haproxy [ALERT] (72045) : config : Couldn't open the ca-file '/var/etc/haproxy_test/clientca_WAN_117.pem' (No such file or directory). [ALERT] (72045) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:15] : 'bind x.x.x.x:443' in section 'frontend' : 'ca-file' : unable to load /var/etc/haproxy_test/clientca_WAN_117.pem [ALERT] (72045) : config : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg [ALERT] (72045) : config : Fatal errors found in configuration. also package _devel has the same issue. on other boxes where haproxy was configured on 24.11 - upgraded to 25.07.1 its working. BUG ?? so what can we do now -bolded text we need this function. thank you all in advance

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG
    @netboy Things you can test : Leave pfBlockerng enabled, but : Remove all IP lists. De activate all DNSBL lists : you can do that by un checking : [image: 1762169315597-16b7ab6f-b38d-4c9b-8201-07756bb1a081-image.png] Btw : You use the "Unbound Python mode", right ? When DNS fails to work for your LAN devices, check 'manually' : C:\Users\Gauche>nslookup google.com Serveur : pfSense.bhf.tld Address: 2a01:cb19:907:dead:beef:92ec:77ff:fe29:392c Réponse ne faisant pas autorité : Nom : google.com Addresses: 2001:4860:4802:32::78 216.239.38.120 This tells me my LAN (windows) device was using the pfSense LAN IPv6 = 2a01:cb19:907:dead:beef:92ec:77ff:fe29:392c (for IPv4 this would be 192.168.1.1) - so I know that my device is using pfSense, the resolver, as it DNS source. I got an answer, so I know the resolver did its work. If no answer, go console or SSH of pfSense and check there : [25.07.1-RELEASE][root@pfSense.bhf.tld]/root: dig @127.0.0.1 google.com +short 216.239.38.120 This shows me that @127.0.0.1 (pfSense localhost) answered, as the resolver listens on every LAN interface and also localhost. This : [25.07.1-RELEASE][root@pfSense.bhf.tld]/root: dig @192.168.1.1 google.com +short 216.239.38.120 as my pfSense uses the default 192.168.1.1/24 LAN IP. If no answer : then the resolver isn't running, and that's 'not normal'. Starting it : [image: 1762169873517-560068d3-a229-4bde-8701-0d05a0b31cd9-image.png] would resolve the issue right away. Left to discover : why does your revolver (unbound) process dies ? edit : Also logical : we all use the same 'code' : [image: 1762169997506-667f8b72-cc12-4959-bbf3-660d23e9b5cf-image.png] ( I'm using 25.07.1 on a 4100 ) 'all' is probably a couple of hundred thousand pfBlockerng users using 2.8.1 or 25.07.1 and the latest pfBlockerng version. The only thing that is different for all of us : our settings ... This requalifies the problem from : "is something wrong with pfBlockerNG?" to a more mangeable "is something wrong with my pfBlockerNG?". And as it is already known that we all use the same "pfBlockerNG", the issue reduces further to "What wrong with my (pfBlockerNG) settings?". So : tell us all about your pfBlockerNG and DNS (!) settings, and we might be able to tell you what's wrong

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    F
    I didn't say you should remove the override.ups.delay.shutdown directive, I said you should remove the ignorelb directive. Ok, I will test without ignorelb directive. Also, you do not have anything in the Advanced settings section, correct? Yes As to running a calibration test, consult your UPS manual or support from the manufacturer of your UPS. I find anything I will search tomorow

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    92 Topics
    639 Posts
    E
    Updated CE 2.8.1 to 1.90.4. Looks like they are already working on .6 Freshports pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.4.pkg Changelog

  • Discussions about WireGuard

    712 Topics
    4k Posts
    D
    @chpalmer okay so here is the update. I was able to get all my wireguard servers handshaking, my two personal tunnels and my one nord. I have full access to to my lan with my personal tunnels but I now dont have nord routing any traffic through its tunnel. I try to make a lan rule route one ip through nord and make one NAT rule and nothing. I lose internet on my one ip when I try and make a rule to use the nordvpn gateway
Log in to post
Load new posts
  • J

    Unable to Use Dansguard

    2
    0 Votes
    2 Posts
    1k Views
    R
    Test this in a logical, step-by-step fashion so that you can tell what is broken before adding the redirect rule… 1.) Validate that Squid and Dans are both running... If so... 2.) Try connecting the browser (via explicit proxy settings) to squid and make sure you can get out... If so... 3.) Try connecting the browser (via explicit proxy settings) to dans and make sure you can get out... If so... 4.) Add the redirect rule and delete your browser proxy settings.
  • C

    Possible Squid Issue with Streaming

    4
    0 Votes
    4 Posts
    1k Views
    C
    So, I disabled HAVP and everything works perfectly. I had to reboot the pfSense system after I did because I was getting bandwidth errors. Is there a way that I can just install a virus scanner on the box? I'm using Squid 2.7.9 pkg v.4.3.3
  • G

    Unbound and android 4.1

    18
    0 Votes
    18 Posts
    4k Views
    B
    @doktornotor: @bryan.paradis: https://redmine.pfsense.org/projects/pfsense/repository/revisions/9399370b367df7b73b84d605f4f44599c93b0bbe/diff https://redmine.pfsense.org/issues/3015 That fix clearly did not work (presumably due to the fact is is failing to check anything but the first and second DNS entries in System - General Setup.) It is related to the same problem but it is a fix for DNS zones. I have updated your bug report with the related information.
  • D

    Unbound package - enable forwarding still no-op

    18
    0 Votes
    18 Posts
    3k Views
    D
    Thanks a lot for quick fix!
  • N

    Squid User's speed is very low!!!!

    1
    0 Votes
    1 Posts
    645 Views
    No one has replied
  • M

    How to make sites exempt from HAVP?

    1
    0 Votes
    1 Posts
    701 Views
    No one has replied
  • D

    PfBlocker whitelist?

    4
    0 Votes
    4 Posts
    6k Views
    BBcan177B
    @digdug3: This works, but then you also have to open all the ports you have configured to this whitelist. If the IP was not blocked at all it would behave "normally" to the next rules. Hi digdug3, The order of the rules in the Firewall tab are important. Block first and than Pass next. If you are having a specific issue, post the issue and maybe someone might be able to help.
  • N

    Squid Pfsense 2.1 and multi wan

    2
    0 Votes
    2 Posts
    1k Views
    B
    Just a friendly reply. I do not have the same configuration. I have one WAN and two OPTs hoping to get a reverse proxy working. It's not working, but there may be an additional contributing factor that I don't know what I'm doing and the instructions are severely lacking.
  • LucaTNTL

    Unable to install vnstat2

    26
    0 Votes
    26 Posts
    6k Views
    N
    very well thank you!!! :)
  • A

    Can't Access NTOP

    4
    0 Votes
    4 Posts
    2k Views
    R
    You are welcome :)
  • K

    Pfsense, alias and subdomains needed

    6
    0 Votes
    6 Posts
    7k Views
    P
    according to the proxy config, you can use a man-in-the-middle approach. It requires that you setup a WPAD/PAC in DNS or DHCP. This is new to me, but reading up on it looks promising. I am using my proxy only as a way to control site my girls should not be seeing. They can get to https sites though. This might be a way to circumvent that limitation. Please post if you have any success, if you use it.
  • Z

    Squid+squidGuard: web pages are timing out, they load after refreshing

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • ?

    Dansguardian installation problem - amd64

    3
    0 Votes
    3 Posts
    894 Views
    J
    Hi Guys i had the same problem installing dansGuardian yesterday too…. there was a typo in the dansguardian.inc file when first installing at line 1201  ----->    @unlink($script)) should read               @unlink($script); it has been fixed today.....
  • J

    Snort whitelist by command line

    12
    0 Votes
    12 Posts
    4k Views
    bmeeksB
    @jandohrmann: Hi Bill, Brilliant solution - thank you! Best Regard Jan By the way, I plan to add this new IP Reputation Preprocessor option to the next Snort update (should be in the 2.9.6.0 package when it comes out in about a month). Bill
  • bmeeksB

    Snort 2.9.5.5 pkg v3.0.1 Update – Minor bug fixes

    65
    0 Votes
    65 Posts
    20k Views
    bmeeksB
    @fragged: @BBcan17: @fragged: Bills pull request has still not been accepted. The change you saw was this: https://github.com/pfsense/pfsense-packages/commit/048bb82a0e2c814da90816657ecedf59fedf8dbd Thanks for the update fragged. I thought that security issue on the Web GUI was fixed in the previous release? It still shows as 3.0.2 after this update. I'm not an expert with html/php, but it seems like this is a better fix for the same issue that was already fixed by Ermal before. Yes, this latest fix is an improvement over the first one.  Some more changes similar to this will be coming in the next Snort update to further harden the GUI code a bit.  It contains a lot of quite old HTML/PHP stuff that I had just left alone since it worked.  However, in today's more security conscious environment, some hardening is needed. Bill
  • V

    Squid 3.3.10 with SSL Filtering some web page are broken

    1
    0 Votes
    1 Posts
    691 Views
    No one has replied
  • BBcan177B

    Possible BUG in Snort custom.rules

    4
    0 Votes
    4 Posts
    1k Views
    BBcan177B
    @bmeeks: I submitted the fix for this problem in the current Snort 2.9.5.6 pkg v3.0.4 Pull Request that is posted on GitHub now.  So as soon as the Core Team guys review and approve the request, this fix will be posted.  Here is the link to the request:  https://github.com/pfsense/pfsense-packages/pull/582 Bill Thanks Bill. I guess there is the changelog. Unfortunately after this upgrade, I dont see any of these changes. There are no new icons in the Alerts Tab, Clicking on a remove Block still brings it to the Lan interface. The Rules tab is not updated. Maybe this is still the previous release? Let me know if you want me to test anything. Thanks.
  • C

    SNORT - Unusual ping detected

    3
    0 Votes
    3 Posts
    3k Views
    C
    Thanks a lot Bill..!
  • keyserK

    Squid 3 package status

    1
    0 Votes
    1 Posts
    832 Views
    No one has replied
  • M

    Haproxy 1.4 content isn't secure

    3
    0 Votes
    3 Posts
    1k Views
    P
    Indeed like Jason writes its likely the page contains contents that it tries to read contents from http://something..  you might also want to give haproxy-devel a try as it natively supports ssl. And also as a possible workaround if the webserver url generation cannot be changed can have the backend connection created over ssl to the webservers.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.