1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC

    @bmeeks So after upgrading to the newest PfSense 2.8.0 everything is now working like a charm!

    Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

    I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

    I assume this is because the FreeBSD version is also updated with the new PfSense 2.8.0 version?

    Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version ?
    The instructions are shown here :

    1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

    A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
    link text

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

Log in to post
Load new posts
  • O

    Snort ignores the netlist

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    M

    OK - I see.  So if you enter a CIDR into the dialog box then it IS a NETLISH.  whereas a single IP represents a WHITELIST only.

  • _

    Snort 2.9.3 v2.4.0 no alerts, no blocking…

    Locked
    12
    0 Votes
    12 Posts
    4k Views
    _

    deinstalled snort, installed it newly, did a reboot after updating, snort started, but still no alerts nor blocking… :(
    But at all the overhaul was great! Behaves much better!!!!

    edit: snort started reporting alerts, but still no blocking :(

  • C

    Snort blocking ISP

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    M

    @ermal:

    Just reinstall and should behave better.

    Ermal, so far (since updating), it appears to have resolved my ISP gateway issue.  Thanks.

  • M

    Snort 2.9.2.3 pkg v. 2.4.1 Issues

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    E

    Reisntall to 2.4.2 and all should be ok.

  • E

    Sarg doesn't work

    Locked
    20
    0 Votes
    20 Posts
    9k Views
    B

    I just wanted to jump in and let people know if what my experience was;

    I installed Sarg and had the same issue.

    I tried all that was suggested in this thread and didn't find resolution.

    What seemed to work for me (and quite possibly is not the best solution) was to remove the Sarg package, connect to pfSense with WinSCP, navigate to usr/local and delete the sarg-reports directory.

    When I re installed the Sarg package, the reports worked fine.

    Just my 2c.

  • gwhynottG

    MailScanner - perl modules missing?

    Locked
    16
    0 Votes
    16 Posts
    12k Views
    I

    In a fresh install with just Mailscanner and Postfix Forward works OK

    Guilherme

  • A

    Re: Squid with identd lookups - SOLVED!

    Locked
    15
    0 Votes
    15 Posts
    15k Views
    marcellocM

    @chowtamah:

    By this setting, whether https traffic goes through squid?

    In transparent mode, never.

  • K

    Difference between packages: HAProxy and HAProxy-full

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM

    @kdillen:

    what is the difference between the 2 HAProxy packages ?  (HAProxy and HAProxy-full)

    The HAProxy-full is the 1.0 gui version with some improvements made by community, including doc.pfsense.org updates
    The HAProxy is the 1.2 gui version, working basically with http only.

    Both exists because 1.2 was published without improvements made on 1.0

    att,
    Marcello Coutinho

  • R

    Lightsquid fails to uninstall

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    R

    Okay, that did the trick.
    I reinstalled squid. Then I was able to remove lightsquid and finally remove squid.

    Thanks for the help.

  • C

    Snort 2.9.2.3 pkg v. 2.3.0 Issue Thread

    Locked
    22
    0 Votes
    22 Posts
    6k Views
    E

    Is this afetr a snort soft restart(with HUP signal)?

  • johnpozJ

    Vnstat2 with pfsense 2.1 snapshots?

    Locked
    8
    0 Votes
    8 Posts
    8k Views
    C

    sweet! i'm going to copy my post and start a new topic shortly… wanted to make sure it worked  ;) before giving it out to the masses.

    ps  Click on the pfSense GUI link... brings you back into the web interface

  • _

    Snort 2,923 v2.3.0 supress things…

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    D

    I agree with Cino, font size is too small to edit when browser is set to 100%. (Firefox)

  • G

    Re: Snort 2.9.2.3 pkg v. 2.3.0 webGui unaccessible

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    G

    Thanks for that I've got my web interface back and all is good.

  • rcfaR

    Ntop fontconfig error?

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    jimpJ

    OK, it was a PBI build issue but one that was easily solved, I was just missing a flag to tell it to use the fonts in the PBI rather than the system fonts.

    I rebuilt ntop and all of the fonts and the font config file should all be present now. Give it another try.

  • D

    Snort 2.9.2.3 pkg v. 2.2.4 crashes over non existent rules

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    D

    Tested with Snort 2.9.2.3 pkg v2.3.0 and it works. No more issues.

  • C

    Bandwidth Usage/Statistics Question

    Locked
    11
    0 Votes
    11 Posts
    5k Views
    A

    Yes
    You can let it auto create sensors ant it should probe and find the servers and make snmp sensors . I think the newest version lets you add credentials so it can probe deeper and bring back more info such as cpu load disk status as well as traffic.

    Or you can manually add a sensor too a device (pf box) Need to add the device first. and add a filter so so each sensor watches for only 1 IP
    A simple filter is IP[192.168.2.40]
    set flow time out too 6 or 10 minutes.

    But try the auto create wizard first. If you put in the user/pw for the servers you might get all the info you need and more from that.

  • T

    Which HAVP Version for 2.01

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    F

    Platform on package manager means the minimum pfsense version required.

  • C

    Auto Backup Process

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    C

    So I found the command which the package was using "bsdtar".
    I created a small script to generate the backup files and set up a cron job to run the backup every evening.
    Finally I set up rsync to create backed up files of the backup file on a separate server.

    Backup Script:

    #/bin/bash cd /home/user/backup mv -v pfsense_backup.tar.gz pfsense_backup_old.tar.gz bsdtar -c -z -f /home/user/backup/pfsense_backup.tar.gz /cf/conf /var/db/rrd /usr/local/bandwidthd /var/squid/logs /var/lightsquid/report

    Cron Job:

    0  2  *  *  *  root  /bin/sh /home/user/pfsense_backup.sh 

    Hope this helps someone out  :)

  • O

    Name that package.

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    N

    @OldChap:

    Probably a good thing that I installed 2.0.1 then.

    Thanks for saving me from some pain  ;D

    pfsense 2.1 is still in development. So no need to upgrade to 2.1 at the moment - if you do not have time to search for bugs and errors ;)

  • S

    HAVP Service Won't Start on nanobsd

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    S

    Ok, thank you for the clarification.  What if I mounted a USB flash drive on my ALIX board (it has a couple USB ports).  Could I run HAVP from that type of storage?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.