Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    johnpozJ
    @ha11oga11o said in Please help to configure HAProxy to serve certifficate on internal LAN too: Just to add again, that blo***dy nextcloud app has to be on same domain name connection and same cert. Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or at least something different than the public domain you're using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank you kindly for your help. I will likely be ordering a new unit soon.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example:
    /usr/sbin/chown -R nobody:nobody /var/db/ntopng
    However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    C
    @Gertjan yes, that was an example, a false positive from a list that is not being blocked anymore.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During these 5 minutes the acme-webgui times out. When the acme-webgui times out, the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    641 Posts
    L
    For some odd reason, even though the service seems UP, and routes (apparently from tailscale) look fine, the service itself is not working. E.g. I cannot connect to other hosts on my tailscale network. From pfsense itself it works, but not from e.g. my LAN. As soon as I restart the tailscale service in the UI it works immediately after.
  • Discussions about WireGuard

    714 Topics
    4k Posts
    R
    I was on PfSense version 23.xx (don't recall the xx) and was able to start the Wireguard service. I upgraded to the 25.11 beta version and now the Wireguard service will not even start. I am on Wireguard version 2.1, and I see that there are versions that go up to 2.9. How do I upgrade to a later version? The only version in the pfSense updater is 2.1. Thank you
  • iperf3 won't automatically restart after reboot

    7
    0 Votes
    7 Posts
    3k Views
    S
    @sgseidel, Understood. I just posted into the developer forum asking for some assistance in getting started to setup a development environment, how to build pfSense packages and that. I am hopeful that I will get some guidance and then move forward in improving the pfSense implementation of iPerf3. Stuart
  • Patches package gone from 2.5.2 branch??

    14
    0 Votes
    14 Posts
    2k Views
    Cool_CoronaC
    @bcdouglas [image: 1667942055758-a77176e9-98be-4909-84d9-d182f3597f01-billede.png]
  • HAProxy 301 Redirect

    9
    0 Votes
    9 Posts
    2k Views
    V
    @johnoatwork Dude, you have two ACLs in this single rule which are mutually exclusive! So this rule cannot work at all. www.example.net - requires that the host name includes "www.example.net" aclcrt_SharedFrontendHTTPS - requires that the host name includes "example.com" Both will never match to the requested host. So remove the second ACL from this rule.
  • HAProxy php error after devel-update

    1
    0 Votes
    1 Posts
    608 Views
    No one has replied
  • PfSense 2.0.3 OpenVPN Client Export Utility config file name

    4
    0 Votes
    4 Posts
    4k Views
    B
    @jimp after so many years, searching in the forum came to this post. I need to rename the config file for the export, to be more clearly named. Is there any way to have it in the Additional configuration options ?
  • ntopng Ghost hosts?

    3
    1
    0 Votes
    3 Posts
    1k Views
    M
    @deanfourie Did you ever find out? I would also like to understand this as I have the same issue.
  • ntopng not displaying properly on firefox

    3
    1
    0 Votes
    3 Posts
    922 Views
    bingo600B
    @jsbsmd Seems to work fine on FF linux Mint
  • openvpn client import can't import tls-crypt info

    1
    0 Votes
    1 Posts
    664 Views
    No one has replied
  • OpenVPN/Freeradius issue

    1
    0 Votes
    1 Posts
    657 Views
    No one has replied
  • Suricata does not start the interface

    6
    0 Votes
    6 Posts
    2k Views
    bmeeksB
    @fox95 said in Suricata does not start the interface: but what does work, is deleting the interface each time you want to make a change to the value because if you don't whatever new value you enter makes no difference. this was the original posters best advice. You should not have to delete the interface. I suspect what is actually happening is the stale PID file is preventing Suricata from starting with the new stream memcap value. Each time Suricata tries to start, the daemon creates a PID file in /var/run/ on pfSense. But due to the stream memcap error, the startup of the daemon is aborted and it fails to clean up after itself (leaving the now "stale" PID file). Simply go delete that file and it should start fine (once you get it happy with the stream memcap value). Notice the original error the OP posted about:
    24/11/2019 -- 12:08:14 - <Error> -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata_bce11963.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_bce11963.pid. Aborting!
    It is complaining about the leftover PID file. Simply deleting that referenced file will let it start. The reason deleting the interface appears to work is that each time an interface is created, a new UUID is also created. So that 11963 number that is part of the file name will change when a new interface is created, and therefore the daemon will not detect an "existing" file matching the new UUID.
  • 0 Votes
    4 Posts
    1k Views
    S
    and then it just suddenly worked, typical technology. Thanks for the info!
  • 0 Votes
    2 Posts
    947 Views
    provelsP
    Yes, system patches is for seldom issued bug fixes between releases. But it doesn't cost you anything to install, and will be there should you need it.
  • PHP Error openvpn-client-export sice update to pfSense 2.7

    3
    0 Votes
    3 Posts
    1k Views
    T
    @bmeeks Thanks, I opened a corresponding ticket: https://redmine.pfsense.org/issues/13570
  • log alert

    10
    0 Votes
    10 Posts
    1k Views
    GertjanG
    @norvik-it Ah, ok, nice example of taking care of a sick person with a shotgun. I use pfBlockerng-devel with dnsbl myself. Its web server doesn't "stop" like that every minute. The PID is here (according to the info found in the pfBlockerng-devel lighty webserver config file here /var/unbound/pfb_dnsbl_lighty.conf ) : /var/run/dnsbl.pid The process number is in that file : does it really stop every minute ? All the others : SquidGuard, ntopng iperf ClamAV ICAP are part of the 'do not belong on a firewall anyway' (my opinion). I've installed this 'Service Watchdog' package and added a task : [image: 1665136084300-d9a1111e-b619-4028-9580-7a90f6642019-image.png] Unselecting the notification box will stop sending you mails. The issue is now a bit solved. Next step : check if the service is really stopped. And if so, why / by who / what reasons ?! Example :
    [22.05-RELEASE][admin@pfSense.xxxxx.net]/root: cat /var/run/dnsbl.pid
    4622
    [22.05-RELEASE][admin@pfSense.xxxxx.net]/root: ps ax | grep '4622'
    4622 - S 0:00.02 /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf
    35843 1 S+ 0:00.00 grep 4622
    So the process is running. If all these processes are really killed on your system every minute, I can advise you to do one thing : Remove / disable all these packages. Or, as stated above, find the reason why they are dying on your pfSense, or are getting killed. Remove the issue for each of them. Example : if free RAM gets low, the system will kill processes, this is known as the OOM (Out Of Memory) event. Restarting them in that case is a really bad idea.
  • Alias Match vs Native

    1
    0 Votes
    1 Posts
    571 Views
    No one has replied
  • openvpn-client-export - naming openvpn client config

    2
    0 Votes
    2 Posts
    1k Views
    V
    @ppcm The export bundle is a self-extracting 7-zip. You can simply open it with the 7-zip FM and rename the .ovpn file.
  • freeradius3 google authenticatior is not working

    1
    0 Votes
    1 Posts
    657 Views
    No one has replied
  • UDP Broadcast Relay

    15
    2 Votes
    15 Posts
    8k Views
    M
    @gzesku 1.0 is only for dev builds.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.