Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLee
    Squid can be configured externally, I would love a how to guide on how to do this correctly.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARA
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypage
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    BBcan177
    @Draco try to go to the General tab, first ensure that the Keep Settings option is checked. Then uncheck Enable pfBlockerNG so that it's disabled. Hit Save. Force Update. Then re-enable pfBlockerNG and Force Update.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    A
    @GPz1100 I ran into this same exact issue. I don't have the Prefer IPv4 over IPv6 box checked, but I do have IPv6 enabled. I think the real issue is that Let's Encrypt's server seems to respond with "Recv failure: Connection reset by peer" on almost every request when using IPv6. I tested this by using the command curl -v https://acme-v02.api.letsencrypt.org/directory from pfsense's shell. To work around it, I modified the ACME script as you described. In the file /usr/local/pkg/acme/acme.sh, I updated line 1887 from: _ACME_CURL="curl --silent --dump-header $HTTP_HEADER " to: _ACME_CURL="curl -4 --silent --dump-header $HTTP_HEADER " After forcing curl to use IPv4, both certificate registration and renewal from the acme package started working again without issue.
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    656 Posts
    C
    @elvisimprsntr Updated 25.07.1 to 1.90.6_1, copied and pasted from @elvisimprsntr's post: pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6_1.pkg (Why it worked this time and not on previous updates: Over the last couple of days, I ran into the "Shared object "libutil.so.10, not found..." error that triggered the version 25.07.1 update issues some of us have been having. After I fixed that error, I decided to go back to the usual update method, and it worked.)
  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmer
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink. My problem is my local box here. I'm missing something because I cannot get it to pass traffic from the WAN to the WireGuard tunnel. I've got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
  • Denyhosts Service disable

    Locked
    9
    0 Votes
    9 Posts
    8k Views
    L
    Hello, thanks for this useful topic. It also works for me! :)
  • Squid Transparent Proxy and 3rd Party Software

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    M
    Along the same lines as Bern suggested, try tinkering with the FTP helper application.  Mine is checked on wan for Disable the userland FTP-Proxy application and unchecked on LAN.  The setting is on the interfaces config page.
  • 0 Votes
    5 Posts
    7k Views
    J
    Looks like dependency errors: 2010-03-20 12:37:26: (mod_fastcgi.c.1087) the fastcgi-backend /usr/local/php5/php-cgi failed to start: 2010-03-20 12:37:26: (mod_fastcgi.c.1091) child exited with status 1 /usr/local/php5/php-cgi 2010-03-20 12:37:26: (mod_fastcgi.c.1094) If you're trying to run your app as a FastCGI backend, make sure you're using the FastCGI-enabled version. If this is PHP on Gentoo, add 'fastcgi' to the USE flags. 2010-03-20 12:37:26: (mod_fastcgi.c.1398) [ERROR]: spawning fcgi failed. 2010-03-20 12:37:26: (server.c.928) Configuration of plugins failed. Going down. /usr/local/php5/php-cgi /libexec/ld-elf.so.1: Shared object "libiconv.so.3" not found, required by "php-cgi" So doing a simple:  pkg_add -r libiconv should fix the issue.
  • DenyHosts broke?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    B
    Rather than mess around with add-on packages, I'd be tempted to just tick "Disable Password login for Secure Shell (KEY only)" and completely disable password-based authentication. The fact that pfSense's standard SSH port is 222 helps A LOT to start with. Rate-limiting connections on port 222 will help if you're feeling really paranoid.
  • SquidGuard Error

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    L
    @dvserg: I am glad that was able to help you. ps Welcome to Black Sea Thanks (don't be surprised I've changed my username - and deleted the old one). I'm still the same guy from Madagascar…  ;) I've this one (lol) in a French Debian forum. It's useful to have the same...  8)
  • Max 3mbit/s download through squid???

    Locked
    15
    0 Votes
    15 Posts
    8k Views
    F
    First off, no, I'm running it with 2 NICs, one internal and one external (and a third DMZ which is purely virtual). Hmm, Hypervisor is a general term for the software that creates the virtual environment; are you thinking about Hyper-V (from M$)? Then it's definitely not the fastest. They will perform Windows virtualization better than other 'non-para-virtualized' hypervisors. You can gain a lot of performance enhancements by doing it para-virtualized, which Hyper-V wants to do with Windows (and Linux, but with problems). A much more compatible product is Xen, which will do para-virtualized for a lot more platforms, and do it better. The only problem is that with paravirtualized you have some system drivers that can completely crash all virtual machines and render them unsalvageable (speaking from experience), which was why we switched all virtual environments to VMware a year ago at work. But para-virtualized systems require specially compiled kernels and special drivers, so going with Hyper-V you are really locking yourself down to M$ until all the kernels are available, which for us was an absolute no-no.
  • Separate Log View window?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    jimp
    I'd start a new thread for that. I'm not familiar with HAVP at all, and the package author does frequent the package subforum quite often.
  • Sipproxd and udp timeout

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • HAProxy feature request (listen stats :8080)

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    J
    I found a workaround: this can be done by adding an extra virtual IP, adding an extra HAProxy listener, and adding an extra server pool (can be to a non-existing server, but at least one server), then using this extra virtual IP for the stats; all listeners are shown on the same stats page. But it's a waste of an extra public IP. Tnx, have fun! jst.
  • Haproxy / virtual ip

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    R
    NP - glad to help.
  • Haproxy 0.30 on 1.2.3-release does not work with cookie insertion

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Ntop very high cpu usage

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    B
    anyone?
  • Snort not starting due to rules errors 24-02-2010

    Locked
    18
    0 Votes
    18 Posts
    13k Views
    G
    I got it working again. 1.) As always, backup! Diagnostics>Backup/Restore. Go ahead and backup ALL as well as Package Manager. Since a few of the Categories were junk or no longer with the recent rules, I went ahead and went to System>Packages> (Installed Packages). Go down to the XML icon; put your mouse over it first to make sure it says "Reinstall the packages GUI". Check Categories and make sure it is empty. Run Update Rules again. Check the system log and see if anything failed. For me, I have to comment out this line by adding the # /usr/local/etc/snort/snort.conf include $RULE_PATH/web-misc.so.rules If you still get rule failures, disable the rules that are failing one by one. I only had a few that were failing. After that everything works. Just remember not to let it update until the new package can be released.
  • HAVP antivirus filling hard drive

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    D
    Clam AV database /var/db/clamav
  • Adzap seems to stop working

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Darkstat logs

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Snort management

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    J
    List some commands you would like to see. Should be easy to add. James
  • Squid slow on one site

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    O
    I realized after posting what I'd done.  In fiddling around with various settings, trying to figure out what was going on, I had unchecked the 'Bypass proxy for Private Address Space (RFC 1918) destination' setting.  Ticking that setting and making the above edit to Squid.inc.  Thanks!
  • MOVED: Auto restart with cron.. How to do it?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Snort dev problem with more than 1 interface

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    J
    One of the devs rewrote the startup script; the script is broken if you try to start more than one interface. I'm rewriting the script as we speak. James
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.