Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally, I would love a how-to guide on how to do this correctly.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log
    I tried launching it manually:
        # /usr/local/bin/suricata -V
    or
        # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787
    and I get this output
        ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8"
    Thanks in advance, Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example:
        /usr/sbin/chown -R nobody:nobody /var/db/ntopng
    However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    BBcan177B
    @Draco try to go to the General Tab, first ensure that the Keep Settings option is checked. Then uncheck Enable pfBlockerNG so that it's disabled. Hit save. Force Update. Then reenable pfBlockerNG and Force update.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    A
    @GPz1100 I ran into this same exact issue. I don't have the Prefer IPv4 over IPv6 box checked, but I do have IPv6 enabled. I think the real issue is that Let's Encrypt's server seems to respond with "Recv failure: Connection reset by peer" on almost every request when using IPv6. I tested this by using the command
        curl -v https://acme-v02.api.letsencrypt.org/directory
    from pfsense's shell. To work around it, I modified the ACME script as you described. In the file /usr/local/pkg/acme/acme.sh, I updated line 1887 from:
        _ACME_CURL="curl --silent --dump-header $HTTP_HEADER "
    to:
        _ACME_CURL="curl -4 --silent --dump-header $HTTP_HEADER "
    After forcing curl to use IPv4, both certificate registration and renewal from the acme package started working again without issue.
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky, still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    656 Posts
    C
    @elvisimprsntr Updated 25.07.1 to 1.90.6_1, copied and pasted from @elvisimprsntr's post:
        pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6_1.pkg
    (Why it worked this time and not on previous updates: Over the last couple of days, I ran into the "Shared object "libutil.so.10, not found..." error that triggered the version 25.07.1 update issues some of us have been having. After I fixed that error, I decided to go back to the usual update method, and it worked.)
  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink.. My problem is my local box here. I'm missing something because I cannot get it to pass traffic from the WAN to the Wireguard tunnel. I've got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
  • Stunnel / anyterm workarounds 2.0-RELEASE

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Proxy 1 IP Address through US??? SQUID???

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    marcellocM
    Not sure how to do this with acls, but you can copy squid.conf file and run a second daemon on other port. Or install a virtual machine with squid for vlan 5.
  • Fatal error in arpwatch_reports.php on line 37

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    V
    Sorry, pfSense 2.0
  • Squid and captive portal

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    R
    I do not have any 2.0 running atm. Would try so in near future…
  • Snort block

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    A
    Does anyone have any idea about this? This seems to be an important concept of Snort that I'd like to learn. Once again, for all enabled rules, some only alert, while others alert and block. What determines blocking?
  • Load Balance DNS (new in 2.01) Fall Back pool not working

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    jimpJ
    Because relayd does not support udp in general, but does support DNS. From the relayd.conf man page:
        The protocol directive is available for a number of different application layer protocols. There is no generic handler for UDP-based protocols because it is a stateless datagram-based protocol which has to look into the application layer protocol to find any possible state information.
    And then:
        dns protocol
            (UDP) Domain Name System (DNS) protocol. The requested IDs in the DNS header will be used to match the state. relayd(8) replaces these IDs with random values to compensate for predictable values generated by some hosts.
        http protocol
            Handle the HyperText Transfer Protocol (HTTP, or "HTTPS" if encapsulated in an SSL tunnel).
        [tcp] protocol
            Generic handler for TCP-based protocols. This is the default.
  • Ssp_ssl: Invalid Client HELLO after Server HELLO Detected

    Locked
    4
    0 Votes
    4 Posts
    11k Views
    D
    Hi Marcelloc, Thanks for your answer, but I did exactly that. I have several other suppressions and they work properly; they don't show up in the alert list and they don't get blocked… With this one they don't show up in the alert list, but they get blocked(?)
  • Squid is Slow working

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    marcellocM
        hdparm -tT /dev/sda
    It's a Linux tool for hard disks. pfSense is built on the FreeBSD platform.
  • Is there someone uses Zabbix Proxy or Zabbix Agent?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jaderJ
    @guano: I installed them but I need some help to use. I've been trying to INSTALL for at least one week… always fails:
    ```
    Saving updated package information... done.
    Downloading Zabbix Proxy and its dependencies...
    Checking for package installation...
    Downloading http://files.pfsense.org/packages/8/All/zabbix-proxy-1.8.5,2.tbz ...  (extracting)
    Downloading http://files.pfsense.org/packages/8/All/iksemel-1.4_3.tbz ...  (extracting)
    Downloading http://files.pfsense.org/packages/8/All/p11-kit-0.9.tbz ...  could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/p11-kit-0.9.tbz.
    of zabbix-proxy-1.8.5,2 failed!
    Installation aborted.Backing up libraries...
    ```
    I'll keep trying… I'm installing a new pfSense (my FIRST in production) and this is a nice addon, because I have a zabbix install to monitor anything but kitchen sink! :)
  • Snort and blocking IPs

    Locked
    9
    0 Votes
    9 Posts
    11k Views
    D
    I too have the same problem. Isn't it possible to always block the destination ip on one interface? So I can block destination ip-s on my LAN and source ip-s on the WAN interface…
  • Squid covering the space of harddisk so quickly

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    marcellocM
    Squidguard has a gui option for it. Without squidguard, include file extension/mime types custom acls in squid gui. To find an acl that excludes some file types, just Google for squid +acl +file +extension
  • Basic url filter

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    V
    Ah yes, this is very nice thank you. Will be very handy :)
  • Postfix-Fowarder breaks system when enabled on 2.1

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    gwhynottG
    @darklogic: update your postfix forwarder from 2.3.2 to 2.3.3. It resolved the same issue you are having. as indicated in the link.  but thanks for taking the time to post. -g
  • Freeradius with rlm_ldap?

    Locked
    17
    0 Votes
    17 Posts
    15k Views
    N
    @aranel Is LDAP working for you now? It would be great to know if it is working now with the compiled module. I do not have any LDAP here to test with. Thanks for your feedback!
  • 0 Votes
    3 Posts
    5k Views
    H
    Snort Suppression Tutorial . . . https://www.youtube.com/watch?v=uQ7OrxtiAes
    Add Snort Suppression for Error: NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE
        suppress gen_id 120,sig_id 3
    Go to Snort WAN interface edit;
    Scroll down to Suppression and filtering
    Choose the Suppression just created
    Click Save
    Restart Service
    Do a port scan to see if it would trigger an alert https://www.grc.com/x/ne.dll?rh1dkyd2
    Good to Go Again  ;D  :D
    One down one to go.. Only need to Upgrade to Pfsense 2.0.1 now
    Cheers  8)
    Problem Solved…can someone mark it as solved ??
    I hope I don't have to repeat this process when I Upgrade to Pfsense 2.0.1
  • Unbound updated to 1.4.14

    Locked
    26
    0 Votes
    26 Posts
    7k Views
    johnpozJ
    Ok that seems to have fixed it, now it listens on both lan and loop when both selected in the gui. Thanks! But I did not see it download the actual package .tbz file – guess I could completely uninstall it and then check with pkg_info to see if unbound gets removed and if it then downloads it. But since it's working and on the current version I think I will leave it until 1.4.15 comes out to test ;) Thanks again for the fix! But kind of curious still about the out of sync other packages. So 1.4.14 says it needs expat-2.0.1_2, but have _1 installed -- can I force removal and then install _2 -- but could that break git, cuz I use that like once a week when new changes come out.
  • All installed packages are missing after upgrade from 2.0.0 to 2.0.1

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    D
    Thank you so much, server up. Regards
  • Transferring lightsquid logs and squid cache folder

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    marcellocM
    Compress logs with tar then transfer file to another server using scp for example.
        tar -cvzf backup.tar.gz /path/to/squid/logs
  • Disk space used by squid.

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    L
    even easier.. nice one.
  • Can u help me!!!!!

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    G
    Well, I have installed the previous and use the software I need it to run ;) That works out for me!! That's a temp solution, of course when everything is back, I will update it and move forward :)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.