1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too: Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or atleast something different than the public domain your using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud. This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @netboy said in is something wrong with pfBlockerNG?: After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far i have no issues. Terrible idea. Moving backwards in development history there.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    654 Posts
    C
    @luckman212, Thanks for your suggestion. I will check what I have in /usr/local/pkg/tailscale/state, and also the RAM disk settings others have brought up. I could learn more about where Tailscale and pfSense store system files. If I find anything worth sharing, I will let you know.

  • Discussions about WireGuard

    715 Topics
    4k Posts
    S
    @LaUs3r Yeah, I added those IPs, but after restarting pfSense, the WireGuard status says “handshake failed.” Also, when I do nslookup us-bos.prod.surfshark.com, I get two different sets of IPs. For example: • The first time I get 43.225.189.108 and 43.225.189.118 • The next time I get 149.40.50.216 and 149.40.50.290 So I was wondering can I add both sets of IPs, and put a “0” at the end of each, and use /24 for both IPs? I reached out to Surfshark support, and they sent me their official pfSense WireGuard setup guide see the guide here in the guide they mention 10.14.0.2 for static routes
Log in to post
Load new posts
  • M

    Postfix: outgoing only smtp for trusted networks (as smart host)

    3
    0 Votes
    3 Posts
    2k Views
    M
    that was the right starting point. thanks for the hint
  • M

    Snort & PPPoE: Snort refuses to start(?)

    45
    0 Votes
    45 Posts
    12k Views
    M
    @bmeeks: I assume this is on a 2.0.x box?  Shared libraries such as pcap, MySQL and others can be a real pain.  That's what is so nice about the PBI setup on 2.1 boxes.  In effect each app has its own sort of "application jail" where it can install and remove shared libraries as necessary without impacting other applications that may have some of the same shared libraries.  In actuality, these libraries are no longer "shared" in the classic sense with the PBI setup. Each application has its own independent copy of them. Bill Thank you for your answer, Bill, and yes, you are right, this is 2.0.3. I can really appreciate what is in 2.1, and that is why I am eagerly awaiting that it is officially released  :P
  • A

    Freeradius2 + LDAP = user quota ?

    2
    0 Votes
    2 Posts
    3k Views
    N
    Hi, everything on the "Users" tab just works for local configured users. The accounting features like BANDWIDTH and AMOUNT OF TRAFFIC on the GUI are just working for local configured users. If you want to connect freeradius with MS AD you should check the wiki: http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package There are some discussions - not sure if the connection is working without having samba installed and configured on pfsense. When using LDAP for authentication then you need an external *sql database to do the accounting. Then you can do BANDWIDTH and AMOUNT OF TRAFFIC - but you need to configure this on the database but not on freeradius GUI itself anymore.
  • ?

    Snort

    2
    0 Votes
    2 Posts
    1k Views
    bmeeksB
    @cdx304: Do i have to run snort on the ipv6 interface or just the ipv4 interface . It will run on either or both (if desired). Bill
  • perikoP

    Squid 2.7 squid_ldap_auth windows 2008r2 ad GUI wrong?

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • R

    Pfsense + squidguard blocks an url from a deleted common acl rule

    10
    0 Votes
    10 Posts
    12k Views
    S
    Did you try clearing your browser cache!? And accessing the same site!
  • C

    Basic Understanding Of ipguard-dev

    2
    0 Votes
    2 Posts
    1k Views
    C
    Through trial and error, I have found that if I use the wan interface IP + Mac address it will open my firewall up and I was very lucky to shut it down before a hacker took control of everything. Basically, I have a router/firewall from my isp that connects to my pfsense box and then it connects to my computer from the Lan side. The attack that I experienced almost immediately which just shows you how vicious these hackers can be. Somehow they punched right through everything using my wan ip address and attacked port 5022 which I looked up and it's called a mice server. Apparently it's main vulnerability is that it can be used for denial of service attacks. Besides that everything else was fine. As soon as I removed my wan ip address coming off the isp router it immediately started blocking 1 ip address from France and 2 ip addresses from the United States. But yes, ipguard-dev is a very serious tool and if there is any real documentation on it could someone please point me to the right direction.
  • K

    Combination of Squid Stable and Dansguardian causes very high MBUF

    5
    0 Votes
    5 Posts
    2k Views
    K
    A can confirm that making the changes helped MBUF.  No more issues.  I didn't have any erratic behaviour so I didn't apply the NIC specific fixes.  Just the increased MBUF.
  • N

    DansGuardian Error connecting to proxy

    13
    0 Votes
    13 Posts
    8k Views
    R
    @ccarreraalza: hello again, my problem persists, I have installed squid3 but does not solve the problem, I have the dansguardian 2.12.0.3 v0.18. How do I update dansguardian without losing data configuration and webconfig? You can simply pull the DG executable out of the package you download from Marcelo's site. That said, I see no reason why a newer version would solve your problem. 2.12.0.3 DG should be able to connect to Squid and I highly suspect that something else is wrong with your configuration. Can you forget about DG for the moment, make sure squid is running stable and that you can stay connected to it? So… setup squid on the lan interface and manually connect to it as a proxy? Just trying to eliminate variables...
  • S

    FreeRADIUS and EAP-TLS only (security relevant pitfall)

    2
    0 Votes
    2 Posts
    2k Views
    N
    Yes, that is unfortunately a problem with freeradius2. You can use the one or the other security mode but if you are using both together then it could make problems because it could switch to an unwanted method. This is because when configuring freeradius2 by hand you would create different virtual servers, every server with different configuration. (…/sites-enabled/...) but on pfsense freeradius2 uses just one server called defauolt (.../sites-enabled/...). So if you would like to do what you described in you post you need to modify the /usr/local/pkg/freeradius.inc file. There you find somewhere the eap.conf part and there just comment the line you do not need, save and then you can use the GUI to do any other changes with getting the eap.conf overwritten with "wrong" code.
  • A

    Captive Portal Authentication

    4
    0 Votes
    4 Posts
    4k Views
    E
    No problems, i moved mostly because of easily findable thread inside the topic. But the same is for all versions as of today you need IAS.
  • K

    Squid stable stops working and can't be restarted

    4
    0 Votes
    4 Posts
    2k Views
    K
    What you just explained sounds pretty close to what I am discovering. For your 8GB system I would have expected that allocating 2GB "Memory cache" and 40GB HD cache would have resulted in: 4% of 40GB = 1.6GB The 2GB you allocated to Memory cache = 3.6GB minimum ram used by squid as the caches fill which is very near what you show. I like simple formulas for determining such things. Maybe 5% or even 6% would be a safer start point than 4% based on your post. Thanks for the post.
  • J

    NTop password

    3
    0 Votes
    3 Posts
    1k Views
    J
    :D sorry…
  • J

    HAVP Won't Install on 2.0.3 X86_64 Machine

    2
    0 Votes
    2 Posts
    2k Views
    M
    @jfoshee: I try to install HAVP Antivirus BETA 0.91_1 pkg v1.01 platform: 1.2.2 on PFSense 2.0.3 but it hangs every time. Beginning package installation for HAVP antivirus… Downloading package configuration file... done. Saving updated package information... done. Downloading HAVP antivirus and its dependencies... Checking for package installation... Downloading http://files.pfsense.org/packages/amd64/8/All/havp-0.91_1.tbz ...  (extracting) Downloading http://files.pfsense.org/packages/amd64/8/All/libltdl-2.4.2.tbz ...  (extracting) Downloading http://files.pfsense.org/packages/amd64/8/All/unzoo-4.4_2.tbz ...  (extracting) Downloading http://files.pfsense.org/packages/amd64/8/All/lha-1.14i_6.tbz ...  (extracting) Downloading http://files.pfsense.org/packages/amd64/8/All/arj-3.10.22_4.tbz ...  (extracting) Downloading http://files.pfsense.org/packages/amd64/8/All/arc-5.21p.tbz ...  (extracting) Downloading http://files.pfsense.org/packages/amd64/8/All/clamav-0.97.5_1.tbz ...  (extracting) Loading package configuration... done. Configuring package components... Additional files... done. Loading package instructions... Custom commands... Executing custom_php_install_command()...done. Executing custom_php_resync_config_command()... It will not go any futher then that. I check the logs and this is what I found Jul 1 14:21:25 php: /pkg_mgr_install.php: Beginning package installation for HAVP antivirus. Jul 1 14:21:53 php: /pkg_mgr_install.php: The command '/usr/local/etc/rc.d/havp' returned exit code '1', the output was 'Usage: /usr/local/etc/rc.d/havp fast|force|one' Jul 1 14:21:53 php: /pkg_mgr_install.php: The command '/usr/local/etc/rc.d/clamd.sh' returned exit code '127', the output was '/usr/local/etc/rc.d/clamd.sh: not found' Jul 1 14:21:53 check_reload_status: Syncing firewall Jul 1 14:21:53 php: /pkg_mgr_install.php: Stopping HAVP I have tried uninstalling and re-installing along with rebooting but nothing fixes it. This is a fresh box install with no other packages installed. Anyone have any ideas? Did you have an old version installed before? Uninstall it and go to the console and open a comand line type "pkg_info" and see what shows up.  It sounds like an old version or something else is confilicting with it.  If you do see and old version type "pkg_delete -f package_name" reboot and try to reinstall.
  • D

    BGP daemon that works with RADIX_MPATH / ECMP in FreeBSD-HEAD

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • R

    Unbound (multi domain?) problem with hosts entries from Domain Forwarder

    2
    0 Votes
    2 Posts
    1k Views
    R
    Hi thanks problem is fixed with last unbound update ;)
  • Z

    Haproxy-devel or haproxy-full+stud? In jail or on host pfSense 2.1?

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Z

    Havp works in 2.1 but shows warning alterts

    1
    0 Votes
    1 Posts
    886 Views
    No one has replied
  • V

    Openbgp 0.6 PROBLEM

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • perikoP

    Squid smartphones issues with youtube?

    1
    0 Votes
    1 Posts
    934 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.