1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    EChondoE

    @fxandrei Found this thread via Google. And I figured out what OP did, so here's the explanation:

    In the pfSense webpage do:

    Click on "Services" Select "Acme Certificates" Edit any of your certificate entries by clicking on the pencil icon. Scroll to the bottom of the certificate edit page and find the "Actions list" section. Click on "Add" to add a new action and fill out the information as needed. For HAProxy restarting do: Mode: Enabled Command: /usr/local/etc/rc.d/haproxy.sh restart Method: Shell Command And finally "Save" at the bottom of the cert edit page.

    As far as I can tell, the above action seems to propagate to all certificates that I have, not just a single one. I am not sure if this is just a visual bug, but just something to be aware of.

    I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    Hopefully this helps you and anyone else that finds this thread via searching.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
    link text

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

Log in to post
Load new posts
  • L

    Any mail from the pfsense appliance has "Arpwatch Notification" in the subject line, even when it is from a completely different package

    Moved
    7
    0 Votes
    7 Posts
    1k Views
    GertjanG

    @lightningbit said in Any mail from the pfsense appliance has "Arpwatch Notification" in the subject line, even when it is from a completely different package:

    I assume this is a bug? or is there another way to fix this?

    The issue is already known, and a solution is in the pipeline : read https://redmine.pfsense.org/issues/11366

  • D

    Arpwatch - Telegram notifications

    4
    0 Votes
    4 Posts
    1k Views
    GertjanG

    @drumsergio said in Arpwatch - Telegram notifications:

    https://redmine.pfsense.org/issues/11972

    There should be a new section on the Arpwatch service page to select whether to send notifications via e-mail or Telegram.

    The destination of notifications is set up here : System > Advanced > Notifications
    Notification can be mailed and/or telegrammed and/or Pushovered (whatever that might be).

    Btw : You can 'have it' right now :
    Edit :
    /usr/local/arpwatch/sendmail_proxy.php

    Close to the last line :
    Replace :

    send_smtp_message($message, "{$config['system']['hostname']}.{$config['system']['domain']} - Arpwatch Notification : {$subject[1]}");

    For :

    $message = $config['system']['hostname']}.{$config['system']['domain']." - Arpwatch Notification : ".$subject[1]." - "; /* or something else - I didn't test with Telegram */ notify_via_telegram($message) ;
  • J

    Serial Terminal emulator FROM pfsense

    3
    0 Votes
    3 Posts
    1k Views
    J

    @kom
    Thanks for the info. I was not aware of tip or cu. I'll check them out. Thanks for the warning about installing external packages as well!
    👍

  • S

    Cannot get PIMD to work

    1
    0 Votes
    1 Posts
    369 Views
    No one has replied
  • T

    Installation of packages failed

    Moved
    4
    0 Votes
    4 Posts
    706 Views
    T

    @stephenw10 Yes, I think 5GB is already enough. I will try your solution, but I created a new machine in VirtualBox and freshly installed Pfsense there, and it works perfectly. All specs are the same, which is weird.

  • T

    check_mk v2

    3
    0 Votes
    3 Posts
    1k Views
    O

    I use the pfSense Check with SNMP and CheckMK Client at the moment. But I'm trying to figure out, if theres a better way like checks over SSH.

    Very sad, that theres no agent installation over the package manager :(

  • D

    Avahi causes a ton of ping chatter

    12
    0 Votes
    12 Posts
    1k Views
    johnpozJ

    What are you trying to accomplish exactly.. Why do you think you should bridge all your networks together?

    Why are you trying to use a tap vpn connection? The only point to such a setup would before allowing for L2 discovery.. Ie broadcast and multicast? Why would you want/need that?

    Do you want to control traffic between your wireless network and your lan?

  • D

    Error node_exporter 0.18.1_1

    13
    1 Votes
    13 Posts
    3k Views
    ?

    @vukuze said in Error node_exporter 0.18.1_1:

    I am not some kind of pfSense guru and my advice may be wrong, but here is my solution of the same problem:

    mkdir -p /usr/local/etc/rc.conf.d cp /usr/local/etc/rc.d/node_exporter /usr/local/share/pfSense-pkg-node_exporter/node_exporter.sh

    My node_exporter 0.18.1_2 on pfsense 2.5.1 gave me the same could not open error. I used these commands verbatim and after reboot the service started up and the metrics were exposed as expected. Thank you

  • W

    Some questions about APCUPSD

    14
    0 Votes
    14 Posts
    2k Views
    fireodoF

    @whitetiger-it said in Some questions about APCUPSD:

    I have to display pop-ups, send an email and send a message with Telegram. So I have to use a script, but I can't get it to start when the state changes.

    Sorry - I have no Idea ...

  • D

    Help I get this: "Unable to retrieve package information."

    5
    2 Votes
    5 Posts
    43k Views
    T

    @dilan123

    Looks like it's all working again today! You might want to see if it's working for you too.

  • M

    Netgate XG-7100 with Zabbix Proxy Failed to execute command "/usr/local/sbin/fping6

    Moved
    3
    0 Votes
    3 Posts
    845 Views
    M

    Hello,

    this was not the trick!
    Removed the Database and reinstalled the Zabbix-Proxy and the Zabbix Client
    Nothing changed - the Problem is still there.

  • S

    Email notifications with apcupsd not sent

    9
    0 Votes
    9 Posts
    2k Views
    G

    @steveits I have been encountering the same issue and finally digested this setting in /usr/local/etc/apcupsd/apcupsd.conf:

    # The ONBATTERYDELAY is the time in seconds from when a power failure # is detected until we react to it with an onbattery event. # # This means that, apccontrol will be called with the powerout argument # immediately when a power failure is detected. However, the # onbattery argument is passed to apccontrol only after the # ONBATTERYDELAY time. If you don't want to be annoyed by short # powerfailures, make sure that apccontrol powerout does nothing # i.e. comment out the wall. ONBATTERYDELAY 6

    The onbattery condition is immediately logged to the apcupsd event log and syslog, but the email notification is withheld until the ONBATTERYDELAY has transpired to eliminate unnecessary notifications for brief transients. I see that your outages were only on second long, so they would not have satisfied the default 6-second condition.

    If you want to be notified of brief outages, you might create a powerout script in /usr/local/etc/apcupsd/ similar to the onbattery script.

    Galen

  • W

    UPS Manager with statistics (and graph)

    13
    0 Votes
    13 Posts
    2k Views
    provelsP

    @whitetiger-it
    You may want to look at MRTG. I'm sure someone has adapted it for UPSs (either APCUPSD or NUT).
    MRTG
    I have a FreeBSD NAS (Xigmanas) which has UPS monitoring that looks a lot like MRTG. Maybe you could spin up a minimal VM with it and monitor that way? The NAS uses NUT to monitor pfSense as slave, which in turn uses APCUPSD to monitor the USB-connected APC on the host... Simple! :/
    a3a9005e-b53a-4829-aaa5-3e13bbf5de0b-image.png

  • M

    Freeradius authentication - multiple instances (OVPN & wifi)

    7
    0 Votes
    7 Posts
    2k Views
    M

    @nogbadthebad
    Cool, looks interesting. Thank you. I'll try.
    Yes, the Google OTP is per user, so it looks like I'll have to create every user twice (not huge effort).

  • V

    Clean install 2.4.5-p1 - cannot install packages - Please wait while the update system initializes

    Moved
    6
    0 Votes
    6 Posts
    1k Views
    V

    @skogs yes correct. But I am not doing the 2.6 devel release. The other day a new snapshot nuked my 2.6 devel lab install. It is absurd that this is still not fixed. Luckily pfsense is free ad I am glad I don’t have the plus appliances. Then again a similar fix was released within days for pfsense Plus for this same multi wan bug….makes you wonder 💭

    My advice stay on 2.4.5 -p1 as long as you can. I am doing the same. I am using pfblockerng there but only ip blocking. I moved to dedicated AdGuard Home server on a raspberry pi for dnsbl blocking.

  • H

    After an Installation Recovery, "Freeradius Package Won't Start"

    Moved
    7
    0 Votes
    7 Posts
    2k Views
    A

    @jahonix said in After an Installation Recovery, "Freeradius Package Won't Start":

    https://forum.pfsense.org/index.php?topic=129649.0

    Go to:

    Services->FreeRadius

    EAP(Tab)

    Scroll down to: Certificates for TLS

    SSL CA Certificate-> Select Certificate(If you dont have need to create it System->Cert. Manager)

    SSL Revocation List-> Select Certificate

    SSL Server Certificate

    Start FreeRADIUS service

  • J

    PfSense 2.3 Check_mk working with xinetd

    Moved
    28
    0 Votes
    28 Posts
    17k Views
    adamwA

    Has anybody had success running check_mk 2.0 agent on pfSense 21.02?

    Do steps look exactly as described here:

    https://forum.netgate.com/topic/131967/check_mk-on-pfsense-2-4-w-update-persistence

    ?

    That post is almost 3 years old.

  • J

    HAproxy maximum number of backend ?! stuck at 317

    1
    0 Votes
    1 Posts
    305 Views
    No one has replied
  • M

    How to reinstall packages on 2.4.5?

    Moved
    9
    0 Votes
    9 Posts
    3k Views
    B

    @taxilian

    this worked for me

    System / Update / System Update
    set branch to 2.4.5 DEPRECATED

  • D

    Installing CLI Ookla Speedtest; “Command not found”

    Moved
    6
    0 Votes
    6 Posts
    2k Views
    KOMK

    @dominikhoffmann According to pfSense Package Manager:

    "Iperf is a tool for testing network throughput, loss, and jitter."

    More specific details can be found at the project's website:

    https://iperf.fr/

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.