1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too: Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or atleast something different than the public domain your using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud. This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    tinfoilmattT
    Here. I think. Referenced as "github.com: vendor-provided URL vendor-advisory" in your link.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @netboy said in is something wrong with pfBlockerNG?: After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far i have no issues. Terrible idea. Moving backwards in development history there.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    649 Posts
    luckman212L
    @mightykong @CarlMRoss Looks like you might be experiencing https://github.com/tailscale/tailscale/issues/17793 I also have a 6100 + Tailscale 1.90.6 so I will test mine now. update: I don't seem to be having this problem, which is odd because I'm usually that one guy in a thousand who has the strange bug that nobody else can reproduce. Have you tried deleting the contents of /usr/local/pkg/tailscale/state ?

  • Discussions about WireGuard

    715 Topics
    4k Posts
    A
    Hi everyone, This is a noob question but already tried multiple and I hope some one can help with this. I have a Wireguard Tunnel configured and handshake is successfully performed and I can ping the server from the laptop but can't do it otherwise. Already deactivate the NAT feature and all the rules and no luck. Pfsense and this server is located in a Proxmox Server, laptop is a local. Any ideas? Thank you.
Log in to post
Load new posts
  • JonathanLeeJ

    Squid Proxy Server Clam AV showing outdated

    2
    2
    1 Votes
    2 Posts
    959 Views
    GertjanG
    @jonathanlee said in Squid Proxy Server Clam AV showing outdated: Where would I update if the packages show up to date? You don't. Half the planet sees this message nearly daily (using ANY OS, using the 'clamav' package). Read the proposed : DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav Which explains the message.
  • M

    Interface Zabbix monitoring

    3
    0 Votes
    3 Posts
    2k Views
    M
    We tried to search for solution but unable to get it. Does anyone knows about the correct path for WAN interfaces.
  • P

    Unable to install git

    4
    0 Votes
    4 Posts
    1k Views
    P
    @jimp amazing. Thank you.
  • W

    [Solved] Login incorrect with FreeRADIUS to Google Authenticator

    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • T

    Block Internet but allow Visual Studio Code

    1
    0 Votes
    1 Posts
    836 Views
    No one has replied
  • J

    NUT Config: Omron UPS BWxT

    1
    0 Votes
    1 Posts
    914 Views
    No one has replied
  • W

    FreeRadius Interfaces

    6
    0 Votes
    6 Posts
    1k Views
    NogBadTheBadN
    @whitetiger-it said in FreeRadius Interfaces: @nogbadthebad Let's see if I understand correctly. The switch, instead of querying the RADIUS on the firewall IP, queries a virtual (and therefore non-existent) IP that you have associated with the localhost of the firewall itself. Nope its a virual address tied to the localhost interface, if I had bound my FreeRadius to the LAN interface IP and I had shut it down then devices couldn't authenticate. [image: 1636629989624-screenshot-2021-11-11-at-11.24.29.png] Good idea, but I didn't understand why. The IP of the firewall is however known, for example because it is the Gateway of the network, there is DHCP, DNS, etc. However, my question remains open. Is the RADIUS interface the network on which the users are located or the one on which the servers/devices interrogated by the user are located? From what you have posted, it seems to me that it is the second answer. The radius interface is the IP address that Radius requests are sent to, as per "Enter the IP address (e.g. 192.168.100.1) of the listening interface. If you choose * then it means all interfaces. (Default: *)" You can point your devices to any IP address any pfSense interface you want if you leave the IP address as the default of *
  • A

    Avahi: "Failed to create client object: Daemon not running"

    12
    0 Votes
    12 Posts
    15k Views
    R
    @rajid Followup: I've also found that I need to add a filter to allow mdns packets to "pass", otherwise they end up blocked. I'm still not seeing any mdns responses using the avahi programs (such as "avahi-browse -a"), but "tcpdump" shows the packets are there on the wire.
  • B

    WireGuard multiple client bug

    wireguard
    20
    0 Votes
    20 Posts
    5k Views
    B
    @jimp thx for the hint it's working now, it totally make sense now. hope it will you @bbusa as well
  • F

    Suricata won't auto start on reboot

    2
    0 Votes
    2 Posts
    964 Views
    bmeeksB
    Did you look in the suricata.log for the interface to see why Suricata was failing to start? You can view that log on the LOGS VIEW tab. The log is overwritten with each startup attempt of Suricata. It will contain the status of the last startup attempt of Suricata for the interface. Was it complaining specifically about failure to allocate Stream Memcap memory? With lots of cores, that value must be increased substantially from the default. You can search on Google for info on configuring the value. I seem to recall running across a formula quite a long time ago that let you calculate how large that value needed to be for a given number of cores.
  • ?

    Bug in wireguard Package Addon config found, when generating wireguard config

    2
    0 Votes
    2 Posts
    1k Views
    ?
    @4920441-0 If anyone is asking why this is a problem: I try to configure three tunnels which should connect 4 OSPF routers with each other.... For the first tunnel I could allow 224.0.0.0/6 but what should I do with the other tunnels? Thanks a lot.. Cheers 4920441
  • P

    Snort Inline Mode caused WAN to drop every few minutes

    8
    0 Votes
    8 Posts
    2k Views
    bmeeksB
    @tsmalmbe said in Snort Inline Mode caused WAN to drop every few minutes: @bmeeks A minute to review this question of mine and comment? Highly appreciated as always. The answer is very simple: switch to Legacy Mode if you want to use blocking with Snort (or Suricata) on your hardware. I've said on this board innumerable times that Inline IPS Mode relies on the kernel netmap device, and the kernel netmap device relies on well-written support within the hardware NIC driver. If that support is not well-written (meaning bug free), then netmap does not work reliably. That in turn means Inline IPS Mode does not work reliably. "Not working reliably" can manifest in ways from simple disruption of traffic on the configured interface to potentially a complete lockup of the firewall. There is a warning dialog that is displayed at the top of the INTERFACE SETTINGS page when you switch an interface to Inline IPS Mode and save the change. The message clearly says you may experience difficulties. You also have two installed packages that are likely not going to cooperate with the netmap kernel device: bandwidthd and softflowd. That's because when an interface is placed into netmap operation, it is disconnected from the kernel's control and placed under the the control of the app initiating the netmap connection. For the IPS/IDS packages, that would be Snort or Suricata.
  • A

    Problem with packages

    10
    0 Votes
    10 Posts
    2k Views
    A
    @gertjan with OpenVPN I think I can handle it, but the problem with multiWAN as far as I know has not been fixed yet.
  • A

    Sonos, Heos, Chromecast on subnet

    1
    0 Votes
    1 Posts
    818 Views
    No one has replied
  • T

    Captive Portal Freeradius MySql Max Daily data limit

    1
    0 Votes
    1 Posts
    643 Views
    No one has replied
  • I

    Wireguard Performance

    2
    0 Votes
    2 Posts
    996 Views
    Q
    @icarson without more details of hardware and configuration i’m not sure it’s actionable or useful feedback.
  • O

    Verification of packages

    3
    0 Votes
    3 Posts
    903 Views
    O
    @gertjan Well, this forum post indicates that it is possible to install packages while offline. I think 'pkg add' will do the trick after uploading the package to the pfSense system. But thanks for clarifying for me about the fingerprints.
  • JonathanLeeJ

    Watchdog needed for services to keep them running.

    11
    7
    0 Votes
    11 Posts
    2k Views
    JonathanLeeJ
    @gertjan I just wish they used more of the SSD for items, it is alot faster over a hard drive of the past. Use that SSD for items that are not part of non stop scanning. Remember upper and lower memory blocks back with MS-DOS 3.11 in the 90s with a 14mhz 8088 processor? It seems to me the resources that are available like that huge SSD are not being used as much as they could. I do understand the need for speed with the packet processing. However I can't stop wondering what could be put on that drive and not be constantly ready in NVRAM.
  • R

    Please wait while the update system initializes - tried already some suggestions - no luck

    2
    0 Votes
    2 Posts
    2k Views
    ruicaramalhoR
    Hi a lot of times this is related to DNS problems. In my case on DNS Resolver > Network Interfaces it was missing pfBlockerNG DNSBL interface [image: 1634742001333-capture.png]
  • J

    Zabbix proxy 5.4 on pfSense 2.4.4 (CE) - possible?

    1
    0 Votes
    1 Posts
    652 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.