Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmatt
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too:
    > Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting?
    > You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to..
    > Change your local domain to say home.arpa or .internal or at least something different than the public domain you're using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally.
    > There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems.
    > Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud.
    This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log
    I tried launching it manually:
        # /usr/local/bin/suricata -V
    or
        # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787
    and I get this output:
        ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8"
    Thanks in advance, Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypage
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example:
        /usr/sbin/chown -R nobody:nobody /var/db/ntopng
    However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmatt
    @netboy said in is something wrong with pfBlockerNG?:
    > After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far I have no issues.
    Terrible idea. Moving backwards in development history there.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypage
    @fjmp24 said in Notification: UPS ups battery is low:
    > If I remove ignorelb directive, my UPS shuts down after 16 seconds
    This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. When the acme-webgui times out the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky, still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    652 Posts
    M
    @elvisimprsntr Great in theory, not in practice. I'm the same, but there are unforeseen events. Power outages, crashes, etc. And yes, I'm running a UPS.
  • Discussions about WireGuard

    715 Topics
    4k Posts
    S
    @LaUs3r Yeah, I added those IPs, but after restarting pfSense, the WireGuard status says “handshake failed.” Also, when I do nslookup us-bos.prod.surfshark.com, I get two different sets of IPs. For example:
      • The first time I get 43.225.189.108 and 43.225.189.118
      • The next time I get 149.40.50.216 and 149.40.50.290
    So I was wondering can I add both sets of IPs, and put a “0” at the end of each, and use /24 for both IPs? I reached out to Surfshark support, and they sent me their official pfSense WireGuard setup guide (see the guide here). In the guide they mention 10.14.0.2 for static routes.
  • Squid + SquidGuard

    2
    0 Votes
    2 Posts
    1k Views
    S
    Can you tell me what you have defined under Squidguard -> "Client Source"!? Make sure to hit save button on "General Settings" page and then hit "Apply" at top of the same page!
  • FusionBox 3.x on pfSense 2.1

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Squid auto delete cache??

    3
    0 Votes
    3 Posts
    2k Views
    N
    Thank you, I just set to a shorter period.
  • "monit" package for pfSense part 2

    21
    0 Votes
    21 Posts
    9k Views
    R
    OK found my problem, permission. The permission of /usr/local/etc/rc.d/monit.sh should be 0755. All starting fine now :-) Cheers
  • Squid Rever proxy … works for exchange only

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Signed certificate with reverse proxy

    2
    0 Votes
    2 Posts
    3k Views
    N
    Morning Everybody
    In France we say "La nuit porte conseil" that looks like "sleep on it"…
    Here is what I did:
    Installed pfSense on a VMware ESXi to be able to use many servers with a single internet address. THANKS to http://blog.romant.net/technology/configuring-nat-on-esx-and-esxi/
    Installed and configured squid3 package in pfSense as I can access 3 different CentOS servers in my virtual network by their URLs
    Transferred a Windows trusted certificate in pfSense to avoid users to get "Exception message" in their browsers; THANKS to http://knowledge.zomers.eu/pfsense/Pages/How-to-use-a-Windows-PFX-certificate-with-pfSense.aspx THANKS to http://digfound.blogspot.fr/2012/06/reverse-proxy-ssl-with-pfsense-inc-owa.html
    And of course THANKS to pfSense Team that gives us this awesome product.
    Regards
    Nicolas
  • Snort 'ignore_call_channel' setting seems to have no effect

    2
    0 Votes
    2 Posts
    1k Views
    E
    Based on my research, the options that work well in this case are 1) Disable UDP tracking in Stream5 2) or define a BPF filter file using a 'config' option called 'bpf_file'. Since disabling UDP tracking altogether may not be desired, I am sticking with BPF. I hope this information helps someone in the future.
  • Apache with modsecurity installation halts for ages in pfSense 2.1!

    5
    0 Votes
    5 Posts
    2k Views
    X
    Even with that error, the option appeared in the menu. When trying to use it, it returned an error in the file /usr/local/pkg/apache_mod_security.inc line 169.
    Typo:
    Before: $setting = sarray();
    Fix for: $settings = array();
    It's working.
  • Language manager package

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Is 'lan only' load balancer/relayd possible?

    5
    0 Votes
    5 Posts
    3k Views
    H
    On the one hand, 9 / 10 on the hack-o-meter. On the other hand, never argue with success. Thanks!
    It would be good to add "check script …" to the possible monitors.
    It would be good to warn of the aforementioned should the 'forward to' and the 'monitor address' be on the same subnet.
    It would be good to warn if the virtual address isn't among the addresses this system arps for. I'm assuming that if the address is a carp vip in backup mode the system won't advertise via the load balancer facility that it owns the virtual ip.
  • IMSpector Log Viewer not displaying logs

    11
    0 Votes
    11 Posts
    5k Views
    D
    @dbpinggoy:
    > @marcelloc:
    > > I've pushed an update for it with no version change, reinstall package imspector-dev in about 15 minutes and check if it's fixed.
    > I got same problem even though I'm running imspector-dev. The log is still empty. All is allowed on access lists.. Is there any solution for this? Thanks a lot
    I've found the solution for this, when I tried to uncheck the enable on imspector access list. But we got another problem in which our IM (Yahoo messenger) keep on logging out.. We are using pfsense 2.0..
  • How to restart WebGUI

    3
    0 Votes
    3 Posts
    13k Views
    D
    Wow, thanks!
  • Squid + Disney/ABC apps on iOS = no worky!

    7
    0 Votes
    7 Posts
    3k Views
    jimp
    @doktornotor: As for the OP: http://i41.tinypic.com/2ynmbf6.jpg Perry the Platypus frowns upon such blasphemy. [image: 16bh4bn.jpg]
  • SquidGuard redirectors configuration in GUI

    6
    0 Votes
    6 Posts
    3k Views
    F
    Hi Tikimotel, I have followed your instructions and I could create the patch to squidGuard redirectors and another patch to squid configuration to bypass proxy for some sites. But I have a question, my patch was correctly applied but I can't put the tab indentation in the line. Do you know what character is the tab character to put in the beginning of the line? Thanks!
  • Squid Package?

    7
    0 Votes
    7 Posts
    2k Views
    D
    On your pfSense page, click on System, then Packages and then Available packages. Scroll until the one you want and then click the Plus Sign to install it.
  • Squid dev3 will not install.

    2
    0 Votes
    2 Posts
    2k Views
    P
    Indeed, there are no "tbz" install files for squid-3.3.8 on: http://files.pfsense.org/packages/amd64/8/All/ or http://files.pfsense.org/packages/8/All/ squid-3.3.8 pbi files are there, so the install should work from a 2.1-RC0 system, which uses "pbi". But it won't work from 2.0.3 which needs the "tbz" format install files. The previous squid-3.3.5.tbz files are there in both folders. Hopefully a squid maintaining person will notice this soon and put the files in place!
  • Lightsquid not recording Spotify traffic

    2
    0 Votes
    2 Posts
    1k Views
    jimp
    A transparent squid proxy would only catch HTTP traffic, nothing else. It could be using HTTPS, or a port that isn't HTTP at all inside the client. Isolate a machine running spotify and check the state table and/or packet captures of that system's traffic, see what it is and where it's going.
  • Snort Package HOME_NET - Your opinion on its automatic generation

    17
    0 Votes
    17 Posts
    7k Views
    bmeeks
    @slagr:
    > Is there any reason why alias with URL type could not be used in snort whitelists?
    Well, at the moment the Snort code is only expecting hosts or networks. I can look at including URLs in the update I'm working on.
    Bill
  • SquidGuard + SSL certificate for error page served over HTTPS

    2
    0 Votes
    2 Posts
    5k Views
    N
    Hi, if you modify anything on .conf files it will be overwritten. You need to change this in the following two files: /usr/local/pkg/squidguard.inc /usr/local/pkg/squidguard_configuration.inc Further I had some problems in the past to get the sgerror.php page displayed correctly if I have the pfsense webGUI running on https. So probably best would be to first change the .inc file and/or then try without pfsense webGUI on HTTPS but revert - for testing - back to http.
  • Help getting started with Avahi

    5
    0 Votes
    5 Posts
    2k Views
    G
    @Fumbles:
    > Does anyone have a newbie friendly, step by step guide on what I need to do to get this working and to test it properly?
    I remember that I installed it once and that it worked out of the box. There is not much to configure. I don't have it installed anymore.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.