1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC

    @bmeeks So after upgrading to the newest PfSense 2.8.0 everything is now working like a charm!

    Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

    I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

    I assume this is because the FreeBSD version is also updated with the new PfSense 2.8.0 version?

    Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    W

    @qinn
    Sent him an email Dan an email to the address on his site.. Not sure what is happening, my Teams stopped working. Disable it/turn it off and the problem went away.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version ?
    The instructions are shown here :

    1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

    A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
    link text

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    690 Topics
    4k Posts
    J

    I've read through some other posts about this, but they either didn't say whether the proposed solution worked or they were very convoluted and difficult to understand. Here is our scenario: We have 6 locations--Las Cruces (LC), Sunland Park (SP), El Paso (EP), Abilene (ABI), Fort Worth (FW), and Plano (PL). LC and ABI have software that is accessed by the other 4 locations via VPN. There are WireGuard VPNs set up between LC and those 4 locations (SP, EP, FW, PL), and ABI and those 4 locations (SP, EP, FW, PL). There is also a WireGuard VPN connection between LC and ABI. LC and ABI have 2 internet connections. SP, EP, FW, and PL each have one internet connection.

    If the primary internet connection goes down at either LC or ABI and failover occurs to the secondary internet connection, is there a way to set up the WireGuard VPN connections so that they also failover without purchasing some 3rd party application?

    Thanks.

Log in to post
Load new posts
  • N

    [Resolved] Squid error after update 2.0-RC3 (i386) built on Tue Aug 30

    Locked
    4
    0 Votes
    4 Posts
    14k Views
    R

    @nl:

    I've found the problem :

    Disable loopback interface in squid and everything goes on.

    I've checked my squid.conf after applying your method and I think I understand now - your fix does exactly the same thing as mine.
    Simply after adding loopback interface squid puts incorrectly
    http_port 127.0.0.1:3128
    thus disabling next line with transparent option, so it's a slight change in GUI interpretation in the latest version of squid package.

  • JSmoradaJ

    Email in Countryblock

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    T

    The email feature is outdated and not needed anymore. The email feature will be removed in the next version.

  • 1

    PfSense packages not showing

    Locked
    3
    0 Votes
    3 Posts
    14k Views
    1

    Thanks jimp ;D, sorry I should of said I was setting it up behind an Untangle box, tried it with a straight connection to the internet and brought up packages no problem. The command also worked when behind the untangle box. Once I get pfSense all set up I will replace Untangle and have Untangle in transparent bridge mode. Once again thanks  ;D

  • L

    SquidGuard configuration hacks for nanobsd (4g), please.

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    jimpJ

    The basic functions can work, passing/blocking, but blacklists cannot work there.

  • N

    [SOLVED] sanpshot 15 July amd64, freeRADIUS not starting correct

    Locked
    3
    0 Votes
    3 Posts
    5k Views
    N

    Hi,

    the problem with acc_users was that the service dind't start in any case. There was an error while starting freeRADIUS.

    The problem with

    "php: : Not calling package sync code for dependency freeradiussettings of freeradius because some include files are missing".

    I didn't get the past weeks but it comes up again - but radius is working.
    I have this still with squid but squid is working, too.

  • S

    IMSpector upgrade

    Locked
    34
    0 Votes
    34 Posts
    15k Views
    B

    @rambabu_mail:

    Thank you very much for your reply bill,
    Can you please explain how to configure it properly. I can see yahoo and msn chats but not gtalk. I have created the certificate through Cert Manager gui as an internal certificate and provided the same in Imspector configuration. Is this correct. Are there any steps required. Pls help.

    You configured the Certificate Authority and the system cert?  That's all you should need.  Again the error implies that the Google server didn't present a cert (which is rather odd).  Maybe something else is intercepting your chats?

    –Bill

    --Bill

  • R

    Squid Access Logs

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    M

    Have you found a solution to this?  I am trying to figure out how to control how much history is analyzed by lightsquid?  Not sure whether to leave the log rotato variable in squid blank, etc.  Thanks.

  • M

    SquidGuard / Squid Not Logging Blocked WebSites?

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    D

    2 Miller88
    Pls post you Proxy Filter config.

  • M

    PfSense 2.0 RC3 and Squid log rotation with Lighsquid Proxy Reporting?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • ?

    Necessity of Snort

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    N

    Closing all ports on the WAN site will help you to prevent someone to get access to your network from OUTSIDE your LAN.

    snort will work on your LAN side. it could detect if a virus or a trojan or a hacker who got access for example over wifi to your LAN network initiates traffic from LAN to WAN. In general you do not really need this in a home environment with less clients and if you know who has access to this/your network.

  • T

    Snort package on 64 doesn't work

    Locked
    55
    0 Votes
    55 Posts
    20k Views
    P

    I would be willing to contribute to the fund for getting AMD64 working properly.

  • T

    P3scan

    Locked
    11
    0 Votes
    11 Posts
    4k Views
    T

    Thanks Tommyboy180 I cant say that enough.

    Thanks to you and also all the other package Creators, and  pfsense developers that have been work so hard to make pfsense what it is today by sharing, giving us such great packages, your precious time and pfsense.

    Please Support pfsense package creators
    And Pfsense

  • V

    Bandwidth mangement on pfsense 1.2.3 with squid 2.7.9_4.1

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • O

    DNSBlacklist - script for more Ad-Filters

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    S

    to be a good net citizen, I would highly recommend either of the following with fetch. Of course that will require you to leave an unmodified copy of the file on your system, such as not deleting from /var/tmp/moreHosts.

    from man fetch:

    -i file     If-Modified-Since mode: the remote file will only be
                    retrieved if it is newer than file on the local host.  (HTTP
                    only)

    -m          Mirror mode: if the file already exists locally and has the
                    same size and modification time as the remote file, it will
                    not be fetched.  Note that the -m and -r flags are mutually
                    exclusive.

    Also from your script, your assuming /var/backups exists you might want to modify your script to check for its existence, and then use mkdir -p which will create all needed directories.

    Just my $0.02.

  • T

    Custom SquidGuard Error Pages - How to???

    Locked
    27
    1 Votes
    27 Posts
    102k Views
    S

    Well, if you mess your configuration, you can just press the Save and Apply buttons in the squidguard configuration page. It seems that you enabled the safesearch option (rew safesearch in your config file). In other hand, have you ever updated your blacklist? Because there aren't dest option in your file, here is my squidguard.conf file:

    # ============================================================ # SquidGuard configuration file # This file generated automaticly with SquidGuard configurator # (C)2006 Serg Dvoriancev # email: dv_serg@mail.ru # ============================================================ logdir /var/squidGuard/log dbhome /var/db/squidGuard # dest blk_BL_adv { domainlist blk_BL_adv/domains urllist blk_BL_adv/urls        redirect http://[pfsense_ip]:81/sgerror.php?url=blank_img } # dest blk_BL_aggressive { domainlist blk_BL_aggressive/domains urllist blk_BL_aggressive/urls } # dest blk_BL_alcohol { domainlist blk_BL_alcohol/domains urllist blk_BL_alcohol/urls } #Several "dest" options....   # rew safesearch { s@(google\..*/search?.*q=.*)@\1\&safe=active@i s@(google\..*/images.*q=.*)@\1\&safe=active@i s@(google\..*/groups.*q=.*)@\1\&safe=active@i s@(google\..*/news.*q=.*)@\1\&safe=active@i s@(yandex\..*/yandsearch?.*text=.*)@\1\&fyandex=1@i s@(search\.yahoo\..*/search.*p=.*)@\1\&vm=r&v=1@i s@(search\.live\..*/.*q=.*)@\1\&adlt=strict@i s@(search\.msn\..*/.*q=.*)@\1\&adlt=strict@i s@(\.bing\..*/.*q=.*)@\1\&adlt=strict@i } # acl  { # default  { pass !blk_BL_adv all redirect http://[pfsense_ip]:81/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u } }

    I use the shallalist.de blacklist.

  • C

    Spamd ?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    C

    Listen on a virtual IP

  • H

    Vanish and Management Interface

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    H

    Thanks it is now working.

  • G

    DNS-Server package not completely removed - How can I get rid of remnants

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • M

    Snort: Failing messages - FATAL ERROR: Failed to Lock PID

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    M

    Good to know; Thank you Cino!

  • W

    Ntop

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ

    If they both installed the exact same version of perl, it wouldn't be removed. You may have installed them at different times so they installed different (conflicting) versions of perl, so it took out one without realizing it was taking out the other.

    In the future we are working to completely isolate the packages and their dependencies from one another so they can't impact the base system or each other in that way, but it won't be happening for 2.0.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.