Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    johnpozJ
    @daro If you want to direct domain.tld to 192.168.180.48 and www.domain.tld to .50 that would be setup in haproxy, not any port forwards.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    The physical files themselves (the sample SID Management Configuration files) are installed with the Snort package into /var/db/snort. Then, if it's a first-time green field installation, the contents of those sample files are migrated into the config.xml file of the firewall as Base64 encoded text by the post-installation script and stored there from then on. If they are not showing for the OP, then somehow they were accidentally deleted is my best guess. The GUI will allow them to be deleted.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    577 Topics
    3k Posts
    G
    @johnpoz The decoded base 64 isn't something I recognise. It's simply "teamspeak5:" and then a random string of numbers/letters/symbols.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    J
    @BBcan177 I'm on 25.11.1 and noticed this issue resurfaced for me on 25 Feb 2026 after I fixed it last fall. I updated pfB to 3.2.14 and performed the uncheck-save-reload-check-save-reload but still have "Masterfile Count [ 87007 ] Deny folder Count [ 87006 ]". I update once/day so fortunately the logfile is still available. I have not yet checked the syntax in the earlier mentioned pfblockerng.sh and since I've updated to 3.2.14 I don't even know if the line #1232 is correct any longer.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    105 Topics
    3k Posts
    dennypageD
    @netboy said in UPS ups on battery - appers often now: @dennypage Let us not worry about how i achieved the global view of all ups status. "Don't look here" is almost always a red flag. The issue is the ups is connected to the router using LOCAL usb (i shared the router screenshot) - why is the router sending me the battery is down when i know it is not the case - Did the latest updates have any impact on this functionality Previously I asked What do you mean by “the router flags”? Now I will add what do you mean by "the router sending me the battery is down when i know it is not the case"? Please be specific. What log messages are you seeing? What notification messages are you receiving? I also asked you to explain your custom app -- I.E. How does it work. Does it work at the USB level? Does it query upsd? Please be specific. You probably should disable your custom app while you attempt to diagnose the problem you are experiencing. What version of the pfSense nut package are you using? What version of the underlying nut package?
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    516 Topics
    3k Posts
    L
    @jimp Up to now I install the certificates on the (web/mail/sftp)server(s) themselves. However since that is becoming more and more complex and certificate lifetimes are becoming shorter and shorter, I do seriously consider using LetsEncrypt certificates generated on pfSense. And preferably without the help of additional systems. Note however that I am using HA-proxy. So I am trying two routes: 1) completely on pfSense; 2) on pfSense with the help of a dedicated webserver on a VM, handling all LetsEncrypt requests, routed via HA-proxy based on ^path starts /.well-known/acme-challenge/^. For method 1) I implemented the ^acme-http01-webroot.lua^ option. I did not yet implement method 2). Of course I do not want to expose the pfSense GUI to the internet. I changed the GUI port number and do not allow access to pfSense from the internet at all (at least I hope so). Also have a look at my other thread 'Do not manage to generate Certificate (using ^Webroot local folder^)'. My intention is of course that the token is stored and read on pfSense itself without using the GUI webserver / the possibility to access the GUI.
  • Discussions about the FRR Dynamic Routing package on pfSense

    299 Topics
    1k Posts
    LinkPL
    @jimp I'm definitely eager to test that package update, but after the latest system update to 25.11.1 from 25.11, (which I did in the hope it would fix the OSPFv3 issue) my long-working IPsec VTI setup quit passing usable traffic. This is obviously not the right topic for that subject. I will post it where it belongs once I get time to collect more useful diagnostic information than I have now. ETA: VTI IPsec VPN seems to be working normally again! IPv4 OSPF is working, and I can now rebuild my IPv6 routes on OSPFv3. I am pretty stoked! Thanks to everyone involved in getting that package update published.
  • Discussions about the Tailscale package

    96 Topics
    720 Posts
    TommyMooT
    @veddy254 Nice, you found out why you needed to renew API Key, well done!
  • Discussions about WireGuard

    734 Topics
    4k Posts
    N
    Of course, thanks for reporting.
  • 0 Votes
    3 Posts
    1k Views
    J
    I am also looking for GUI RADSEC support. I do believe that the current version of FreeRadius in 2.8.1 does support it (usr/local/etc/raddb/sites-available/tls) but there is no GUI support. I attempted to spin it up, but the server crashed when a connection was made on 2083/tcp. Looks like there is a possible roadmap. issue 16025 radsec
  • Can't get packages to update

    7
    0 Votes
    7 Posts
    646 Views
    H
    So the problem definitely lies in Hardware TCP Segmentation Offloading as I was able to disable Hardware Large Receive Offloading without the issue occurring.
  • LLDP Package disappeared

    7
    0 Votes
    7 Posts
    915 Views
    TheKiwisT
    @dennypage brilliant! I was having the same problem with LLDP not starting (25.07.1), the 2nd option worked for me. Thanks! :-)
  • Unable to start FreeRADIUS service

    2
    0 Votes
    2 Posts
    273 Views
    GertjanG
    @scottastic86 You've shown why and where the error occurred .... We, here on the forum, can access that file, but the pfSense admin = you, you can ?! Have a look at this file : /usr/local/etc/raddb/mods-config/files/authorize When you see the file, you'll think : where did I see this before ? It's the info you entered here : [image] Start by checking all the entries : remove accented chars, all ' " `` etc. Just plain ASCII text. To test radiusd in debug mode : On the command line : radiusd -X and you'll see where it fails. But you already know where. Ctrl-C to abort. @scottastic86 said in Unable to start FreeRADIUS service: I deleted and rebuilt the Captive Portal The portal isn't radius related. Your issue is 'radius', not the portal. @scottastic86 said in Unable to start FreeRADIUS service: uninstalled and reinstalled the FreeRADIUS package But you kept your freeradius settings with an error in place ^^
  • Is anyone working on a RustDesk package?

    3
    0 Votes
    3 Posts
    1k Views
    M
    Using rustdesk pro self-hosted. It's fantastic except when a client machine is in a restrictive environment with only 80/443 outbound open. Apparently there's a working websocket config but I wanted to use PfSense/HAproxy and can't translate the setup from nginx. I'm a bit surprised more people aren't trying to do this to avoid the crushing costs of Teamviewer these days, and the absurd limitations or security risks of other solutions.
  • 23.09.1 from 23.05.1 freeRadius broke

    10
    0 Votes
    10 Posts
    2k Views
    V
    Note to self under the latest release I had to set decipher list to cipher_list = "DEFAULT@SECLEVEL=0"
  • Problem with Net-SNMP - not starting

    5
    0 Votes
    5 Posts
    4k Views
    M
    @barnettd Thanks for the fix! I was running into the exact same issue. Like @kmp, the pkg utility also had to be downgraded: pkg: 2.2.2_2 → 1.21.3_5 [pfSense] The following packages were reinstalled: pfSense-repo-25.07.1 [pfSense] pfSense-upgrade-1.3.11 [pfSense] snmpd starts up and everything appears to be working after a reboot.
  • 0 Votes
    6 Posts
    1k Views
    GertjanG
    @rootCRO said in pfSense 2.8 Installation Fails, and 2.7.2 Cannot Fetch pkg Packages – Repository Unreachable”: services.netgate.com Where did you get that "services.netgate.com" host name from ? Here is the forum that handles the 'install' questions : Home > pfSense Software > Problems Installing or Upgrading pfSense Software. @rootCRO said in pfSense 2.8 Installation Fails, and 2.7.2 Cannot Fetch pkg Packages – Repository Unreachable”: I’d really like to know exactly where pfSense pulls its packages from FreeBSD: { enabled: no } pfSense-core: { url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_07_1_amd64-core", mirror_type: "srv", signature_type: "fingerprints", fingerprints: "/usr/local/share/pfSense/keys/pkg", enabled: yes } pfSense: { url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_07_1_amd64-pfSense_plus_v25_07_1", mirror_type: "srv", signature_type: "fingerprints", fingerprints: "/usr/local/share/pfSense/keys/pkg", enabled: yes } I'm using pfSense plus. Beware: you can't point a web browser to URL like https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_07_1_amd64-pfSense_plus_v25_07_1, as it is not a web server.
  • mdns-bridge one-way reflection

    26
    0 Votes
    26 Posts
    4k Views
    M
    @keyser said in mdns-bridge one-way reflection: @marcg Yes, those ports are needed - in what we consider the wrong direction - when you are Airplaying Video/screen mirroring. For sound only Airplay they are not needed/used. @keyser @dennypage , thanks for the info and confirmation. Somewhat reminiscent of the well-known firewall issues with active FTP ... with the difference that Airplay was introduced 20+ years later.
  • UDP Broadcast Relay and subnet-directed broadcasts

    2
    1
    0 Votes
    2 Posts
    753 Views
    keyserK
    While I'm not 100% sure it cannot be brought to relay subnet-directed broadcast, it would make little network sense if it did. Remember that any IP stack on the other side that follows IP guidelines would still drop the packet even if the NIC picked up the L2 broadcast frame from the wire. The idea of the package is forwarding Class D (multicast) and proper global broadcast frames.
  • snort 4.1.6_27 crashing with php error

    4
    0 Votes
    4 Posts
    621 Views
    S
    yeah, it's fixed with _28
  • Need urgent support with HAProxy setup will pay

    1
    0 Votes
    1 Posts
    278 Views
    No one has replied
  • Advantages of mDNS-Bridge vs UDPBroadcastRelay

    7
    0 Votes
    7 Posts
    1k Views
    keyserK
    @dennypage And thank you SO much to @dennypage for maintaining the package - and so selflessly spending time supporting it and us users. Especially when we ask stupid questions or are so self-centered we find ourselves important enough to outright complain over volunteer work like this. All package maintainers should really have a HERO badge here on this forum.
  • HAProxy - Files

    3
    4
    0 Votes
    3 Posts
    761 Views
    patient0P
    @AnthonySalamone preface: I don't use HA Proxy but did use the power of searching the internet. If you want to use pfSense with Authelia, which seems to use these exact three files, someone has written a blog post about how to do it: https://kovasky.me/blogs/pfsense_haproxy_authelia/
  • Prometheus Node Exporter gives log errors - fix or suppress in log

    7
    0 Votes
    7 Posts
    7k Views
    A
    @nws thanks for the consistent fix - I completely overlooked that for a while. And @credulous yes, it's still a mystery why the collectors seemingly trigger and give errors, and also why they don't appear in the collector list. It seems the Prometheus Node Exporter package on FreeBSD has very low priority perhaps? Else you would imagine something like this could be fixed.
  • HAProxy / ACME + external webhost?

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • FreeRadius or something else, for MFA without a PIN code?

    9
    0 Votes
    9 Posts
    4k Views
    N
    @Codefighter Thanks @Codefighter, you’ve nailed it. I totally agree that for home use, OTP can feel like overkill. But when it comes to small, medium, and large businesses, we’ve got a real responsibility to keep networks and systems secure. We can’t afford to be casual or underestimate the risks out there. Honestly, I’d much rather hear a few grumbles from employees about typing in an OTP every time they hop on the VPN than have to sit in a meeting with the board explaining why we didn’t do enough to prevent and mitigate a cyberattack.
  • 0 Votes
    1 Posts
    310 Views
    No one has replied
  • net-snmp on Netgate 7100 cluster - firmware 25.07.1-RELEASE

    3
    0 Votes
    3 Posts
    3k Views
    S
    see https://forum.netgate.com/topic/198800/solved-pkg-upgrade-not-found-required-by-pkg Running this command over ssh fixed my problem: pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade For me the problem is solved.
Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.