pfSense Packages

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Subcategories

Cache/Proxy

Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

3.7k
Topics

20.6k
Posts

J

Keep in mind you will have to install an SSL certificate on the Raspberry PI to download the GIT hub file and program. You have to copy the SSL file over to the pi by way of a USB drive and reconfigure your ca certificates for that, or just connect the pi to a non-proxied system to get your files after set it back. If you are like me you just add the certificate so you can access the proxy.

To add the firewalls certificate used with the proxy first download it directly from the firewall so you know it is yours.
after
sudo mkdir /media/usb sudo mount /dev/sda2 /media/usb -o umask=000 cd /media/usb #find your file from the flash drive lets call it CA-Cert.crt #copy it to the locations is it needed at sudo cp CA-Cert.crt /etc/ssl/certs sudo cp CA-Cert.crt /usr/share/ca-certificates/ sudo cp CA-Cert.crt /usr/local/share/ca-certificates/ sudo update-ca-certificates
This should fix your certificate issue to use wget while in the proxy.

Final step we need to make sure that once inside the proxy that you can't call the wpad, meaning that the WPAD is a one-way ticket that the proxy or it's cache cannot access it for added security.

Add this to custom options on the Squid configuration, it is not really needed I add this for fear of container issues,
acl wpad urlpath_regex ^/wpad.dat$ acl wpad urlpath_regex ^/proxy.pac$ acl wpad urlpath_regex ^/wpad.da$ #deny_info 200:/etc/squid/wpad.dat wpad # this is if you manage wpad from squid not needed here reply_header_access Content-Type deny wpad
IDS/IPS

Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

2.2k
Topics

15.6k
Posts

J

It runs alongside pfSense as a package. The logs can be configured by way of the package.
Traffic Monitoring

Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

555
Topics

2.7k
Posts

S

PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt

Just Curious what this is and how to stop it in snort, I first thought someone was trying to get in but now I am not so sure as I changed my external IP and it happened straight away
on the new External IP. From what I can gather its something to do with a vunerability in dns but at a loss where to start, if its not an issue then fine but its happening a lot.
pfBlockerNG

Discussions about the pfBlockerNG package

2.5k
Topics

19.1k
Posts

S

Wanted to get some feedback from folks before I upgrade to 24.11.
Is the latest pfBlockerNG 3.2.0_16 functioning ok on 24.11?
I moved away from Devel to Stable 6 months ago or so but see that the version hasn’t changed with the release of 24.11.
Just want to be sure I can expect all to function ok before I upgrade.
@BBcan177 can we expect a stable release of 3.2.1_20 perhaps or am I good to go?
Thanks in advance.
UPS Tools

Discussions about Network UPS Tools and APCUPSD packages for pfSense

87
Topics

2.3k
Posts

D

@firefox Glad you got it working
ACME

Discussions about the ACME / Let’s Encrypt package for pfSense

478
Topics

2.7k
Posts

K

@tinfoilmatt it looks like I have finally gotten the certificate to pop up but now I am dealing with getting 503 Service Unavailable error. Do you know if this is an HAProxy issue or on the cloudflare side?

Screenshot 2024-12-05 at 12.51.02 PM.png
FRR

Discussions about the FRR Dynamic Routing package on pfSense

280
Topics

1.1k
Posts

S

How is it configured? Does it appear correctly in vtysh 'show run'?
Tailscale

Discussions about the Tailscale package

75
Topics

428
Posts

E

@rocket

1.78.1 now available for FreeBSD 15

Freshports
WireGuard

Discussions about WireGuard

635
Topics

3.3k
Posts

S

@Bob-Dig Indeed it is! I'm out this evening, but will do a full set of screenshots tomorrow.

J

pfsense didn't show packets to install

• • JuniorSa_TI

2

0
Votes

2
Posts

812
Views

G

@juniorsa_ti

The GUI has to be able to connect to the packet server of Netgate to download the list with available packages.
The thing is, it can't.

Most obvious reason : no WAN ('Internet') connection.
Or a broken DNS set up.

The same info is also present on the Dashboard :

c4165dbd-f641-49d9-b1d2-1eb3265270d0-image.png

It's says my system is up to date, and the last check was made .... a couple of minuts ago.
This means that my pfSense can reach Netgate's server to do the check.

See these pages Troubleshooting for more info.
C

Custom error html in haproxy - not allowing entries

• • chrisjx

2

0
Votes

2
Posts

1.1k
Views

C

OK. Never mind... user confusion.

I decided I wanted to add some html content. I thought the process would to go to the backend definition and expand the error files section and add my html to a record called 503.

But what we actually have to do is go, first, to the Files tab in the HAProxy screen, add the HTML in a record... then go back and add a reference to the file in the error files section.

I put in some simple html and it rejected that. Apparently it needed some pre-html references. I could not find a good reference about what was needed but I found an example, modified it and this worked:
HTTP/1.0 503 Service Unavailable Cache-Control: no-cache Connection: close Content-Type: text/html <html> <head> <title>Site Down for Maintenance</title> </head> <body style="font-family:Arial,Helvetica,sans-serif;"> <div style="margin: 10 auto; width: 960px;"> <h2>Site Maintenance</h2> </div> <p>The site is down for maintenance. If the condition persists for more than a few hours, please notify the site administrator.</p> <p>Error 503</p> </body> </html>
As you were...
N

BIND DNS, IPv6, DHCPv6-PD and ACL configuration

• • NightlyShark

1

0
Votes

1
Posts

693
Views

No one has replied
F

FreeRADIUS

• • fathead

3

0
Votes

3
Posts

1.2k
Views

F

eap_tls: (TLS) Alert read:fatal:internal error
Debug: (5) eap_tls: (TLS) Server : Need to read more data: error
ERROR: (5) eap_tls: (TLS) Failed reading from OpenSSL: /var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src-RELENG_2_6_0/crypto/openssl/ssl/record/rec_layer_s3.c[1544]:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
Debug: (5) eap_tls: (TLS) In Handshake Phase
Debug: (5) eap_tls: (TLS) Application data.
ERROR: (5) eap_tls: (TLS) Cannot continue, as the peer is misbehaving.
ERROR: (5) eap_tls: [eaptls process] = fail
ERROR: (5) eap: Failed continuing EAP TLS (13) session. EAP sub-module failed

Error: /usr/local/etc/raddb/mods-enabled/eap[3]: Failed to link to module 'rlm_tls-config': Cannot open "/usr/local/lib/freeradius-3.0.25/rlm_tls-config.so"

how to wpa2&3 tls384?

File does not exist? rlm_tls-config.so
S

Install Wireguard and OpenVPN?

• • spyder0552

3

0
Votes

3
Posts

1.1k
Views

J

@spyder0552 said in Install Wireguard and OpenVPN?:

Super simple one for you all.
Is it possible to install and run Wireguard on a device that already has OpenVPN all setup and running?

I really want to try Wireguard, however, I don't have the resources to setup a standalone test device so I need to use my production router...and I dont want to break anything.

I assume it is just fine...but wanted to ask the group.

Thanks Everyone!!

It's fine. One has nothing to do with the other.
I have both running on more than one pfSense.
Just make sure you don't use the same IP's between the two.
F

Speedtest http issue

• • fireodo

1

0
Votes

1
Posts

629
Views

No one has replied
J

Package list not working

• • jorgyate

4

0
Votes

4
Posts

1.1k
Views

V

@jorgyate
The recent is only one which is supported. If you're on CE that is 2.6.0.
E

How can I change the config file haproxy.cfg manually ? Please Help me

• • EL 0

1

0
Votes

1
Posts

640
Views

No one has replied
E

How to me configuration haproxy for redis cluster with autentification?

• • EL 0

1

0
Votes

1
Posts

729
Views

No one has replied
A

Softflowd не отправляет данные в Nfsen

• • airoman

1

0
Votes

1
Posts

723
Views

No one has replied
L

Squid Proxy Server Crashing System

• • LPD7

1

0
Votes

1
Posts

756
Views

No one has replied
J

Squidguard and loopback questions

• • JonathanLee

1

0
Votes

1
Posts

716
Views

No one has replied
E

This topic is deleted!

• • Easy docs

1

0
Votes

1
Posts

4
Views

No one has replied
B

[Haproxy-devel] GZIP-Compression?

• • badger

3

0
Votes

3
Posts

2.7k
Views

C

Hello,
Is there an updated step by step way to do this?

It is unclear if things have been changed since this original post was made but there isn't an apparent way to do this.

Thanks in advance!
M

CRON job - calling URL

• • mhank

3

0
Votes

3
Posts

971
Views

M

@rcoleman-netgate THANK YOU :)
That did the trick
S

Netgate SG-1100 unable to install packages

• • Spectre 988

8

0
Votes

8
Posts

1.1k
Views

R

@spectre-988 said in Netgate SG-1100 unable to install packages:

I've been working on using the device at my home for a HA fail over device. I've got the device to become part of the HA but when the primary wants to sync the packages they aren't able to due to packages not being installed. I try to install myself but package manager just sits at waiting for the update system to initiate. I am not sure if the version of Pfsense I am using is the problem or the Bios. I know both are older and tried to update Pfsense version and get that the system is on a later version than the official release.

Without physically separated interfaces the 1100 is not suited for HA. It could do it, sure, but the WAN, LAN, and OPT are all the same NIC in the system, just VLAN'd to a switch. Your expectations should be very tempered -- failover cannot happen based on physical disconnection and is going to be unreliable.
J

Zabbix Uncaught Error

• • JuniorSa_TI

5

0
Votes

5
Posts

1.3k
Views

J

Hi,

The solution it'a in this link: https://github.com/rbicelli/pfsense-zabbix-template/pull/118

I hope help somebody.
S

This topic is deleted!

• • sogoku

1

0
Votes

1
Posts

69
Views

No one has replied
4

HAproxy can only connect to "Default Backend"

• • 4evernoob

1

0
Votes

1
Posts

764
Views

No one has replied
R

Tailscale - package request / work opportunity

• • returntrip

2

0
Votes

2
Posts

1.4k
Views

J

@returntrip https://youtube.com/watch?v=Fg_jIPVcioY

20 / 461

This topic is deleted!

This topic is deleted!