Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLee
    Squid can be configured externally; I would love a how-to guide on how to do this correctly.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARA
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log. I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output: ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypage
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    BBcan177
    @Draco try to go to the General tab, first ensure that the Keep Settings option is checked. Then uncheck Enable pfBlockerNG so that it's disabled. Hit save. Force Update. Then re-enable pfBlockerNG and Force update.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    A
    @GPz1100 I ran into this same exact issue. I don't have the Prefer IPv4 over IPv6 box checked, but I do have IPv6 enabled. I think the real issue is that Let's Encrypt's server seems to respond with "Recv failure: Connection reset by peer" on almost every request when using IPv6. I tested this by using the command curl -v https://acme-v02.api.letsencrypt.org/directory from pfsense's shell. To work around it, I modified the ACME script as you described. In the file /usr/local/pkg/acme/acme.sh, I updated line 1887 from: _ACME_CURL="curl --silent --dump-header $HTTP_HEADER " to: _ACME_CURL="curl -4 --silent --dump-header $HTTP_HEADER " After forcing curl to use IPv4, both certificate registration and renewal from the acme package started working again without issue.
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    656 Posts
    C
    @elvisimprsntr Updated 25.07.1 to 1.90.6_1, copied and pasted from @elvisimprsntr's post: pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6_1.pkg (Why it worked this time and not on previous updates: Over the last couple of days, I ran into the "Shared object "libutil.so.10, not found..." error that triggered the version 25.07.1 update issues some of us have been having. After I fixed that error, I decided to go back to the usual update method, and it worked.)
  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmer
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink. My problem is my local box here. I'm missing something because I cannot get it to pass traffic from the WAN to the Wireguard tunnel. I've got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
  • Lightsquid problem?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • NTOP - to latest release

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • [squid] pfsense 2.0 + squid : transparent mode not working

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Package Installation Issue

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    L
    I guess there is a hardware problem. When I first installed pfsense, the system gave an error.
  • Compiling binary with build options

    Locked
    19
    0 Votes
    19 Posts
    6k Views
    M
    @fireman039: Hi, Can you tell me if 0.5.4 packages will be available soon? I want to try it with my Crystalfontz 635. Done! Here you find more details about it: http://forum.pfsense.org/index.php/topic,44034.0.html Consider that it is a developing version! In your case the driver you should use is: CFontzPacket. Ciao, Michele
  • Squid vs varnish

    Locked
    3
    0 Votes
    3 Posts
    5k Views
    marcelloc
    1-why pfsense become slow? 2-Do you have any Precaution to overcome this problem? take a look on this topic http://forum.pfsense.org/index.php/topic,43737.0.html Varnish was designed for reverse proxy, but can be used for proxy. it is fast on both situations Squid was designed for proxy use, but can be used for reverse proxy. It has many features, but is not that fast.
  • PFFLOWD Active Flow Timeout

    Locked
    12
    0 Votes
    12 Posts
    10k Views
    M
    With the following run command: /usr/local/sbin/pfflowd -n 172.16.42.104:9991 -S in -v 9 The active flow timeout that needs to be set in PRTG is 11 minutes. Note, if you're utilizing VLANs and a single network interface like us then pfflowd will not correctly identify the source/destination vlan and you need to explicitly set the direction as either "in" or "out" for PRTG to not double count data.
  • Snort service stops - wrong rules used?

    Locked
    15
    0 Votes
    15 Posts
    5k Views
    M
    done that . no luck
  • Openbgpd not coupling RIB with FIB

    Locked
    2
    0 Votes
    2 Posts
    6k Views
    Z
    This was actually due to the nexthop received from the peer not being our proper nexthop; we had to update the config to have openbgpd set the nexthop to be our actual next hop. Moral of the story: nexthop has to be locally reachable, somehow. That is to say, you must have a route that covers the IP given in the "Gateway" column of bgpctl show rib; if you do not, you must either add such a route or add this line: set nexthop <gateway ip for isp> to the neighbor config for the peer that's sending you BGP routes. (This automatically translates to a "match" filter rule that simply does the same thing, but I find this looks simpler and does not appear to be deprecated.)
  • Transparent proxy - some sites time out

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    T
    Hmmm… perhaps this is in the wrong forum?  As my query was browsing related and I'm using transparent squid I thought I'd post here. But the most closely related threads I see from other members are over in the NAT section... If this is the wrong spot mods let me know and I'll move this and post elsewhere - don't want to cross-post.
  • SquidGuard Log Rotate - more than one day - How to !?

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    N
    Hi, I thought I did this with this line:       $opt    = array("4", "4", "*", "*", "1", "root", "/usr/bin/nice -n20 " . SQUIDGUARD_SCR_LOGROTATE); The cron tab changed to: 4      4      *      *        1  root    /usr/bin/nice -n20 /usr/local/etc/rc.d/squidGuard_logrotate Which is - if I am right: Every monday at 04:04AM, isn't it ?
  • PHPservice

    Locked
    1
    0 Votes
    1 Posts
    882 Views
    No one has replied
  • Lusca Cache management

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Transparant squid -> no DNS

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    T
    If you do want to use auto-detect though and IE refuses to play ball I've often found it to be one of two things… If you configured your wpad using DNS (and not DHCP) then make sure you've used an A record for the wpad entry, and not a CNAME. For some reason IE doesn't like CNAMEs.... IE sets a registry entry to store the results of its automatic detection ("Automatic Proxy Result Cache")... IE then stubbornly refuses to re-detect things if your WPAD changes  ::). So; if you deployed a broken WPAD.dat file as you were refining your javascript, IE will make a note it's broken and never bother to check if it's fixed. I normally resolve this IE issue by resetting IE to its default settings (tools -> Internet Options -> Advanced -> Reset...). There are other ways but a google search will help you there, resetting IE doesn't bother me too much. Note that as Chrome uses system proxy settings it too will suffer from this... the reset of IE will fix both browsers. (Make sure you've tested your WPAD.DAT file using something free like pactester etc. so you know your WPAD.DAT is valid).
  • Varnish features

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcelloc
    can these features are present in varnish: 1-Give report of cache material(Hint: Like the lightsquid provide report in squid) 2-I can give specific space in hard disk for cache material. 3-automatic cleaning of cache material will start when given space of hard disk is 95% fill(Hint :this function is present in squid). 4-cleaning method: remove those material which is most low used(Hint: this feature is present in squid) I don't think so. You are comparing apples to oranges. 1 - Varnish uses logs only in memory for better performance. When you want to debug, you need to dump logs from memory to disk with varnishlog. Also take a look at varnishhist and varnishstat. 2 - You can change storage type to disk, but I do not recommend it. Take a look at this topic about disk performance http://forum.pfsense.org/index.php/topic,43737.0.html 3 - Specify a cache size that does not fill your filesystem 4 - You can purge things using the management interface. Please take a look at the varnish documentation. The Varnish package gui has a lot of links to it.
  • Snort: drop, not block

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    marcelloc
    The only one with snort args  ;) Snort2c
  • Varnish configuration

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    marcelloc
    take a look at varnish documentation. Varnish is not so easy to configure, the gui helps, but it still needs some varnish knowledge. @crazyzoar: Please tell me the configuration of varnish. i am new on pfsense. i don't know that what values i shall have to write on varnish setting: Listening port (usually 80) Managment interface (usually localhost) Advanced startup (usually empty) Storage type (ram for better performance) Cache storage size in megabytes/ (depends on how much ram/disk you have) Minimum worker threads (could be 32 but depends on your hardware) Maximum worker threads (could be 1024 but depends on your hardware) Worker thread timeout (could be 300) Client identity method (ip address is more compatible with sessions) Don't cache posts (yes, don't) Session Cache (per user is a good choice ) take a look on field documentation link Cache static (when possible cache only in session, always remove cookies before cache) Fix gzip compression recommended Be RFC2616 compliant recommended Foward client IP useful to log remote ip on web servers using x-forwarder-varnish var Fetch Grace How many time varnish will keep cached objects. HINT 60s, 30m, 1h Retries how many times retry url before sending error to users or checking for fail over Saintmode How many time varnish will send cached objects from a down backend to client. HINT 60s, 30m, 1h Custom Html error message how to send error messages to users
  • Snort pkg updates

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    RonpfS
    Try to reinstall from 2.0.1 to 2.0.2, no alert was generated. I did the following: remove 2.0.2 install 2.0.2 Services: Snort: Global Settings / Save Snort: Interface Edit: / If Settings / Save Services: Snort: Updates / Update Rules Now alerts are generated  :)
  • Authentication Problem on freeradius

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    S
    It would be nice for fellow users having the same problem to know HOW you solved your problem..
  • Few days after install, it's getting sloooow

    Locked
    7
    0 Votes
    7 Posts
    7k Views
    marcelloc
    I'm doing this, I have two pfsense as firewall with carp as firewall and also load balancing smtp connections to both smtp servers. I really like pfsense gui, sync and backup. That's why I'm porting these packages to it. On large systems like this I have each service on its own server. But when a client has only one machine (not so good for virtualization) to use as firewall, proxy, etc. it's good to have package options to build UTM with pfSense.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.