1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too: Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or atleast something different than the public domain your using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud. This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @netboy said in is something wrong with pfBlockerNG?: After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far i have no issues. Terrible idea. Moving backwards in development history there.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    652 Posts
    M
    @elvisimprsntr Great in theory, not in practice. I'm the same, but there are unforseen events. Power outages, crashes, etc. And yes, I'm running a UPS.

  • Discussions about WireGuard

    715 Topics
    4k Posts
    S
    @LaUs3r Yeah, I added those IPs, but after restarting pfSense, the WireGuard status says “handshake failed.” Also, when I do nslookup us-bos.prod.surfshark.com, I get two different sets of IPs. For example: • The first time I get 43.225.189.108 and 43.225.189.118 • The next time I get 149.40.50.216 and 149.40.50.290 So I was wondering can I add both sets of IPs, and put a “0” at the end of each, and use /24 for both IPs? I reached out to Surfshark support, and they sent me their official pfSense WireGuard setup guide see the guide here in the guide they mention 10.14.0.2 for static routes
Log in to post
Load new posts
  • S

    PFSense 2.03 Unable to communicate with www.pfsense.com

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    Assuming your routing is otherwise OK, if you have snort enabled, make sure it's not blocking that request. It's quite common for snort + blocking + HTTP preprocessors to block the package XML for one reason or another.
  • T

    Problems with Freeradius + Mysql pfSense 2.0.3 i386

    2
    0 Votes
    2 Posts
    1k Views
    N
    @tacioandrade: Good morning, I wonder if any of you have already configured freeradius2 with Mysql in pfSense? I ask this, because'm trying configure the freeradius2 with the Mysql in pfSense 2.0.3; but not'm managing to do the Radius write in the database. I was in the SQL option and I enabled under this topic http://forum.pfsense.org/index.php/topic, 43675.msg235475.html # msg235475 that appears in the documentation, using the root user (mysql) and all other data correct, however when adding a NAS or else a user they are not written to the database, anyone know what it could be? Yes. You misunderstood the mysql option on freeradius2 package. If you add a "User" or "NAS/client" this all will be written to plain text files on pfsense. If you configure mysql on freeradius you must have a mysql server somewhere on your network. The mysql configuration on freeradius GUI ist just to make the connection to a database but it does not contain any database. So adding users, clients and so on needs to be done on the sql server. Hopefully this will make things clear. :)
  • D

    NRPE issue with just 2 service checks

    4
    0 Votes
    4 Posts
    2k Views
    D
    Sorry to keep spamming but I have also found this in the logs: Aug 5 00:01:00 nrpe[60526]: Cannot remove pidfile '/var/run/nrpe2.pid' - check your privileges. Aug 5 00:01:00 nrpe[60526]: Cannot remove pidfile '/var/run/nrpe2.pid' - check your privileges. Tried to set the permissions on that folder so that all users can read/write/execute but not sure I did it right of if it even needs to be done?
  • C

    NUT randomly dies - long run problem

    7
    0 Votes
    7 Posts
    3k Views
    C
    OK I've tried a bunch of different adapters, and only the original PL2303 one does anythign at all.  I tried an old USB/serial adapter that our Cisco expert swears by, and a funny looking stacking Belkin one that the other Cisco wally likes. In the NUT config screen, the "Local UPS port" list always shows these choices: Auto (USB Only) cuau0 cuac1 ttyu0 ttyu1 When I have the working adapter plugged, the list gains two more entries (notice the capitalisation) Auto (USB Only) cuaU0 cuau0 cuac1 ttyU0 ttyu0 ttyu1 dmesg entries, working USB/serial adapter ugen0.2: <prolific technology="" inc.="">at usbus0 uplcom0: <prolific 0="" 2="" technology="" inc.="" usb-serial="" controller,="" class="" 0,="" rev="" 1.10="" 3.00,="" addr="">on usbus0 dmesg entries, failing Belkin USB/serial adapter ugen0.2: <belkin components="">at usbus0 So there's no uplcom0 line for the non working ones.  I'm stumped now - not sure if it s a kernel thing not finding the right module, or a php/gui thing.</belkin></prolific></prolific>
  • B

    HAProxy vs Builtin LoadBalancer

    10
    0 Votes
    10 Posts
    10k Views
    P
    Im not sure if there is a actual difference with the proxy ports for http and https.., But it seams at least with squid i can successfully use the following option in my haproxy.cfg option httpchk HEAD http://127.0.0.1/ server SquidProxyServer 127.0.0.1:3128  check inter 1000  weight 1 So to get that fill in the following in the backend config page: Health check method: HTML Http check Method: HEAD Http check URI: http://127.0.0.1/ Also "Least Connections" is available in haproxy-devel package.. Where the first 127.0.0.1 points to the webinterface of pfSense (needs to be a running/available website) (i do have pfSense WbGUI running on https.. but left the default redirect enabled) The second 127.0.0.1:3128 points to a locally running squid installation. Then when looking at the 'stats' page of HAproxy it tells the backend is UP and LastChk: L7OK/301 in 1ms. Did require squid to also allow also listen and allow connections on/from the 127.0.0.1 network. For the 8443 you could try the same.. Or maybe add a advanced option "check-ssl", not sure it there is technically any difference in those proxy ports.. ??? As for FTP, im not sure if its possible to perform health checks on it.. I guess you might need the agent check.. Or maybe give smtpchk a try, ive read/seen its 'sort off' compatible.. at least it will pass the check if the welcome message is a single line…  :-\
  • perikoP

    Add php extensions?

    8
    0 Votes
    8 Posts
    3k Views
    D
    Just upgrade to 2.1
  • D

    Fresh install of Aquid and Lightsquid

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • G

    How do I get SquidGuard and reverse proxy together?

    1
    0 Votes
    1 Posts
    889 Views
    No one has replied
  • K

    SSL certificate "Common Name" URL filtering

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • jimpJ

    New Package: sudo

    4
    0 Votes
    4 Posts
    2k Views
    P
    The install bug report got me to actually try this. It is installed and working on a bunch of systems. Now I can add individual user names, put them in the admins group, then they can ssh in, get a command line and sudo -s to get a decent looking shell as root, if needed. The admin (root) password on each system no longer needs to be remembered (= constantly looked up when going to different systems) and shared with multiple people. So far, the defaults work fine for me, it's IT admin staff who need "all or nothing" access. I haven't played with giving users access to only particular commands… It's a good thing - thanks.
  • V

    Error: 'SARG: Cannot set the locale LC_ALL to the environment variable'

    2
    0 Votes
    2 Posts
    4k Views
    B
    I'm having the same issue. here is my syslog: Jul 31 21:30:51 **.***.***.*** php:  /pkg_edit.php: Sarg: force refresh now with  args, compress() and both action after sarg finish. Jul 31 21:30:51 **.***.***.*** php:  /pkg_edit.php: The command '/usr/pbi/sarg-amd64/bin/sarg ' returned exit code '1', the output was 'SARG: Cannot set the locale LC_ALL to the environment variable'
  • C

    Facebook with Squid 3.1.20 pkg 2.0.6

    1
    0 Votes
    1 Posts
    972 Views
    No one has replied
  • A

    Error installing SUDO

    4
    0 Votes
    4 Posts
    2k Views
    A
    Thanks! Now it's working fine. Installation done.
  • N

    After creating squid rules, squid craches down

    3
    0 Votes
    3 Posts
    1k Views
    N
    @kejianshi: What other packages are you running? I am using squid guard
  • S

    Squidguard blacklist logging problem

    4
    0 Votes
    4 Posts
    2k Views
    S
    Hi :) My versions are listed in the first Post. Further, i tried this with different browsers and cleared cache. I will check the access.log file tomorror and report back here.l Best wishes spYro
  • N

    Zabbix agent no connection to Zabbix Server

    2
    0 Votes
    2 Posts
    8k Views
    N
    Update: I missed that the the version of my zabbix server was 1.8.10 I updated it to 2.0.6. In "CONFIGURATION OF TEMPLATES" I imported: https://github.com/kelsen/zabbix/blob/master/pfsense202.xml In "CONFIGURATION OF HOSTS" I added my host with the correct settings and the pfsense template. [image: zabbix_A.jpg] The IPMI availability is green. But the ZABBIX agent Availability is red. The settings in pfSense below: [image: zabbix_B.jpg] If I remove the pfsense template and added Template OS FreeBSD. [image: zabbix_C.jpg] Now the the ZABBIX agent Availability is green. So I figured adding multiply templates (the pfsense template which collects data via SNMP and template OS FreeBSD which collects data via zabbax agent). But if I do this there is and Error on which I do not get a grip on. Error: Two items ("sysName" and "Host name") cannot populate one host inventory field "Name", this would lead to a conflict. How do I fix it?
  • M

    Squid3+Lightsquid–>500 – Internal Server Error-->Solved

    2
    0 Votes
    2 Posts
    4k Views
    F
    @meets21jp: My pfsense version is 2.0.3-RELEASE (amd64) built on Fri Apr 12 10:27:15 EDT 2013 FreeBSD 8.1-RELEASE-p13 At first, I installed the squid 2.7.9 pkg v.4.3.3 and Lightsquid 1.8.2 pkg v.2.32. Then I open the Proxy report–>Lightsquid Report-->Graph Report, it's working fine. After that, I installed the squid 3.1.20 pkg 2.0.6. Then I open the Graph Report but it's not working, the error message is 500 – Internal Server Error. However, finally I got the solution of solving this problem. 1:  cd /usr/local/www/lightsquid 2: ./check-setup.pl LightSquid Config Checker, (c) 2005-9 Sergey Erokhin GNU GPL LogPath   : /var/squid/logs reportpath: /var/lightsquid/report Lang      : /usr/local/share/lightsquid/lang/eng Template  : /usr/local/www/lightsquid/tpl/base Ip2Name   : /usr/local/libexec/lightsquid/ip2name.ip no: GD.PM found, please install or set $graphreport=0 to disable 3: ls -al /usr/bin/perl* lrwxr-xr-x  1 root  wheel  25 Jul 21 23:14 /usr/bin/perl -> /usr/local/bin/perl5.12.4 lrwxr-xr-x  1 root  wheel  25 Jul 21 23:14 /usr/bin/perl5 -> /usr/local/bin/perl5.12.4 4: ls -al /usr/local/bin/perl5* lrwxr-xr-x  1 root  wheel    25 Jul 21 23:14 /usr/local/bin/perl5 -> /usr/local/bin/perl5.12.4 -rwxr-xr-x  2 root  wheel  7328 Jun 27  2012 /usr/local/bin/perl5.12.4 -rwxr-xr-x  1 root  wheel  7424 Mar  6 23:18 /usr/local/bin/perl5.14.2 5: unlink /usr/bin/perl 6: unlink /usr/bin/perl5 7: unlink /usr/local/bin/perl5 8:  ./check-setup.pl ./check-setup.pl: Command not found. 9:  ls -al /usr/bin/perl* ls: No match. 10:  ls -al /usr/bin/perl5* ls: No match. 11:  ls -al /usr/local/bin/perl5* -rwxr-xr-x  2 root  wheel  7328 Jun 27  2012 /usr/local/bin/perl5.12.4 -rwxr-xr-x  1 root  wheel  7424 Mar  6 23:18 /usr/local/bin/perl5.14.2 12: ln -s /usr/local/bin/perl5.14.2 /usr/bin/perl 13: ln -s /usr/local/bin/perl5.14.2 /usr/bin/perl5 14: ln -s /usr/local/bin/perl5.14.2 /usr/local/bin/perl5 15: ls -al /usr/bin/perl* lrwxr-xr-x  1 root  wheel  25 Jul 21 23:25 /usr/bin/perl -> /usr/local/bin/perl5.14.2 lrwxr-xr-x  1 root  wheel  25 Jul 21 23:25 /usr/bin/perl5 -> /usr/local/bin/perl5.14.2 16: ls -al /usr/bin/perl5* lrwxr-xr-x  1 root  wheel  25 Jul 21 23:25 /usr/bin/perl5 -> /usr/local/bin/perl5.14.2 17: ls -al /usr/local/bin/perl5* lrwxr-xr-x  1 root  wheel    25 Jul 21 23:25 /usr/local/bin/perl5 -> /usr/local/bin/perl5.14.2 -rwxr-xr-x  2 root  wheel  7328 Jun 27  2012 /usr/local/bin/perl5.12.4 -rwxr-xr-x  1 root  wheel  7424 Mar  6 23:18 /usr/local/bin/perl5.14.2 18: ./check-setup.pl LightSquid Config Checker, (c) 2005-9 Sergey Erokhin GNU GPL LogPath   : /var/squid/logs reportpath: /var/lled lightingightsquid/report Lang      : /usr/local/share/lightsquid/lang/eng Template  : /usr/local/www/lightsquid/tpl/base Ip2Name   : /usr/local/libexec/lightsquid/ip2name.ip WARNING: $skipurl variable contain unescaped '.' char !!! WARNING: if you use . as regular expression metacharacter please use '' instead "" and escape . via . WARNING: $skipurl now ->zzz.zzz< all check passed, now try access to cgi part in browser If there is above message, you can see the Graph Report. Thanks for sharing information.. Internal server error is a big problem so thanks for sharing solution..
  • Z

    Tinc menu disappears on every upgrade in 2.1

    14
    0 Votes
    14 Posts
    4k Views
    H
    Or even when just reapplying a backed up configuration.
  • M

    Squid + Dansguardian: Logs say "block" but content passes ?!

    2
    0 Votes
    2 Posts
    1k Views
    M
    The clue (must have) been that it did block some of the content but not the full site (pictures were absent) But since dansguardian is -as it seem to me - quite strict in default settings I'll have to fine-tune this guy (obviously it even blocks .exe or signature updates of some Antivirus clients (Forefront Endpoint uses .cab) So the main issue between keyboard and chair ;-) Additionally IE seems to less like getting "broken" sites than other browsers like Chrome or Firefox…
  • S

    Remote desktop gateway behind squid

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.