1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too: Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or atleast something different than the public domain your using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud. This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    tinfoilmattT
    Here. I think. Referenced as "github.com: vendor-provided URL vendor-advisory" in your link.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @netboy said in is something wrong with pfBlockerNG?: After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far i have no issues. Terrible idea. Moving backwards in development history there.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    648 Posts
    C
    @mightykong Yes, my system also requires a restart after reboot, and what has worked for me is: service tailscaled stop && tailscale logout || true && service tailscaled start && tailscale up What has worked for updates included a [sysrc tailscaled_enable="YES"] that is supposed to handle tailscale restart after reboot, but it has not worked for me. I am looking into it, and others will be as well. In the meantime, this is my update one-liner command line: service tailscaled stop && tailscale logout || true && fetch https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6.pkg || exit 1 && IGNORE_OSVERSION=yes pkg-static add -f tailscale-1.90.6.pkg && rm -f tailscale-1.90.6.pkg && service tailscaled start && tailscale up Options: add && tailscale version && tailscale status to automate a first check; and, the "rm -f tailscale-1.90.6.pkg" is not needed, but once I saw the suggestion, I decided to keep it.

  • Discussions about WireGuard

    715 Topics
    4k Posts
    A
    Hi everyone, This is a noob question but already tried multiple and I hope some one can help with this. I have a Wireguard Tunnel configured and handshake is successfully performed and I can ping the server from the laptop but can't do it otherwise. Already deactivate the NAT feature and all the rules and no luck. Pfsense and this server is located in a Proxmox Server, laptop is a local. Any ideas? Thank you.
Log in to post
Load new posts
  • S

    Build DHCP6c from source on SG-1100

    1
    0 Votes
    1 Posts
    569 Views
    No one has replied
  • K

    pimd - doesn't appear to work

    5
    0 Votes
    5 Posts
    3k Views
    Cloudless Smart HomeC
    @kmarston fixed it, thanks!
  • J

    BIND/Avahi/radiusd packages missing from 2.6.0?

    3
    0 Votes
    3 Posts
    1k Views
    J
    @johnpoz - both of those packages appear to now be in the "available packages" list. Seems odd that for a couple hours they (BIND/Avahi) were 'missing' from the list, but hours later appear. Following the commentary from posts about "install from scratch" (using the copy config.xml to USB for restore) - only impact was where those two packages were absolutely required. Interesting on the naming aspect. Under 2.5.2, made sure that all the packages had been on the latest version, prior to upgrade. Not sure if that artifact is useful. While a bit off topic - where BIND/Avahi weren't required, the process was flawless and (as others have noted) there appears to be a sense of increased performance. (Hats off to folks responsible) Thanks!
  • luckman212L

    new System Patches v2.0

    Moved
    21
    1 Votes
    21 Posts
    6k Views
    chudakC
    @luckman212 said in new System Patches v2.0: @jimp I had to flip my update branch from 22.05 to 22.01 in order to see the 2.0_4 version. I installed it and then flipped back to the 22.05 track. Is that "normal"? I didn’t have to do this FYI
  • J

    HAProxy shared front end error files

    1
    0 Votes
    1 Posts
    610 Views
    No one has replied
  • C

    LCDproc port

    6
    0 Votes
    6 Posts
    2k Views
    C
    The end result (that wouldn't involve recompiling my own kernel/drivers etc) was to simply change the VID/PID in the display from the out of box settings of 0x1b3d/0x0155 to the FTDI defaults of 0x0403/0x6001. You can do this with "FT_Prog" on another computer running Windows or you can do it with another computer using "ft232r_prog" on Ubuntu Linux..... sudo ./ft232r_prog --old-vid 0x1b3d --old-pid 0x0155 --new-vid 0x0403 --new-pid 0x6001 ft232r_prog: version 1.25, by Mark Lord. eeprom_size = 128 vendor_id = 0x1b3d product_id = 0x0155 self_powered = 0 remote_wakeup = 0 suspend_pull_downs = 0 max_bus_power = 500 mA manufacturer = MO product = LK202-25-USB serialnum = 01wwkXXX high_current_io = 0 load_d2xx_driver = 0 txd_inverted = 0 rxd_inverted = 0 rts_inverted = 0 cts_inverted = 0 dtr_inverted = 0 dsr_inverted = 0 dcd_inverted = 0 ri_inverted = 0 cbus[0] = TxDEN cbus[1] = TxDEN cbus[2] = TxDEN cbus[3] = PwrEn cbus[4] = TxDEN Rewriting eeprom with new contents. /tmp/MO/ft232r_prog-1.25$ sudo ./ft232r_prog --save MO-lk202-25.dump ft232r_prog: version 1.25, by Mark Lord. MO-lk202-25.dump: wrote 128 bytes eeprom_size = 128 vendor_id = 0x0403 <---- IT'S DIFFERENT NOW product_id = 0x6001 <---- AND THIS IS TOO self_powered = 0 remote_wakeup = 0 suspend_pull_downs = 0 max_bus_power = 500 mA manufacturer = MO product = LK202-25-USB serialnum = 01wwkXXX high_current_io = 0 load_d2xx_driver = 0 txd_inverted = 0 rxd_inverted = 0 rts_inverted = 0 cts_inverted = 0 dtr_inverted = 0 dsr_inverted = 0 dcd_inverted = 0 ri_inverted = 0 cbus[0] = TxDEN cbus[1] = TxDEN cbus[2] = TxDEN cbus[3] = PwrEn cbus[4] = TxDEN No change from existing eeprom contents. Once that's done, you can plug it back in to pfsense and the driver will pick it up and ugen will do it's thing etc.... You'll finally end up with all of the /dev/cuaU0 /dev/cuaU0.init /dev/cuaU0.lock things that you need in /dev/ that you can then use to point the webUI/lcdproc towards.
  • D

    How to setup FreeRADIUS + MySQL

    1
    1 Votes
    1 Posts
    538 Views
    No one has replied
  • L

    HAProxy

    haproxy
    1
    0 Votes
    1 Posts
    839 Views
    No one has replied
  • JeGrJ

    Process to get package into official repositories?

    2
    1 Votes
    2 Posts
    929 Views
    bmeeksB
    Typically I believe the Netgate team expects a pull request against the appropriate GitHub repository. For packages, that would be ../pfsense/FreeBSD-ports available here: https://github.com/pfsense/FreeBSD-ports. There are some specific requirements in order for packages to work within the pfSense ecosystem. You can look over some of the packages to see what those are. GUI packages will start with the string "pfSense-pkg-*". Any underlying binary component is assumed to exist within the regular Ports tree of FreeBSD.
  • S

    HAProxy - Shared Front End but Do not Use CSP

    2
    0 Votes
    2 Posts
    1k Views
    S
    yeah - knew it must be a stupid question. found the option to add the CSP to the specific backend rather than in the shared frontend. all good
  • R

    Backup package causes crash report in pfSense 2.6.0

    9
    0 Votes
    9 Posts
    2k Views
    GertjanG
    @robert_knabe As far as I know, no one is complaining about the small file size handling capability of pfSense. The RRD files will still fit into the confiig file, and if logs are important (they are for me) an external syslogger shiould be used. But, why not, if you want, you can modify the php.ini file, as that's the way to change memory available to PHP. Two options : Write a small shell script that modifies the memory_limit if it doesn't contain the right value for you. Have this script started with the startcmd pfSense package. Use commands like 'sed' to replace a text in the file. You probably have to restart the PHP-FPM to take the new setting in account. Or, edit the php.ini file, and keep the old one. Create a diff file from these two files. Use the diff file and the pfSense patch package to patch the existing php.ini file. You will still have to restart php-fpm to have the modification taken in account. Both solutions will persist even after a pfSense upgrade. You could add a feature request, just keep in mind that it would be granted only if a lot of people are asking for it.
  • K

    pfsense squid reverse proxy emails with attachments not sent via mac os

    1
    0 Votes
    1 Posts
    543 Views
    No one has replied
  • D

    avahi mDNS - enable verbose mode?

    1
    1 Votes
    1 Posts
    797 Views
    No one has replied
  • T

    Upgrading to 22.01 from 21.05.2 services broken

    Moved
    2
    0 Votes
    2 Posts
    923 Views
    viktor_gV
    Please show the contens of /usr/local/etc/avahi/avahi-daemon.conf, and tail -n 50 /var/log/system.log output after restarting Avahi.
  • J

    Netgate Firmware Upgrade package not working after move to 0.51

    2
    0 Votes
    2 Posts
    1k Views
    J
    Disregard. Upgraded OS to pfSense 22.01 and the package works fine now.
  • O

    HAPROXY strange error after adding http-redirect frnt end

    1
    1
    1 Votes
    1 Posts
    462 Views
    No one has replied
  • T

    Anyone could create a Fast.com widget based on the speedtest-widget one ?

    1
    0 Votes
    1 Posts
    579 Views
    No one has replied
  • ?

    Is a new package version available for new pfSense version?

    5
    0 Votes
    5 Posts
    998 Views
    ?
    @steveits Thanks again! Yes, if I configure System -> Updates to stay at 2.5.2 (DEPRECATED) I do not see any available updates for my apps. But when I change to 2.6.0 I see updates for some of the apps. Still not for all, but this should be not an issue as they will run anyways- because there is no red sign then. Ok, I think I got it! Thanks a lot! /KNEBB
  • N

    FreeRADIUS: Attributes Conflicting with GUI Login

    6
    2
    0 Votes
    6 Posts
    1k Views
    N
    @nogbadthebad Correct. Supermicro IPMI. Most of my searches found people having issues getting authentication working with Supermicro. My issue is that all other devices that use RADIUS for authentication are all working (UPS’s, Supermicro IPMI, TrippLite PDU). It’s just the pfSense itself.
  • P

    HAProxy and other hosted sites on the same IP

    2
    0 Votes
    2 Posts
    1k Views
    S
    Not sure if you figured it out already since this post is a few days old, but I think you need to do two things: Remove your "Default Backend" entry (if you have a default entry, everything will be sent to that backend, regardless of the ACL you defined above) For the "Use Backend" action, you wanna populate the "Condition Acl Name" field or else the action wont match. So in your case, set the "condition acl name" to "LookingGlass" (the name you gave your "Host Matches:" ACL) You now should get a 503 error for all other requests until you define another acl that matches the host name and send that to the same (or a different) backend via another "Use Backend" action entry. Hope this helps. Still a beginner with ha proxy so not sure if this is the way to go, but for me in a similar situation that was what I had to do.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.