@bingo600 I didn't notice another package for similar functionality. I switch to that.

Thanks,

@bmeeks

Thx!

Happy Holidays!

@canernecocaner said in How do I install packages manually ?:

@bmeeks

Thank you very much for your answer.
I understood the warnings and vulnerabilities.
But I use pfsense for the hotspot.(I'm recording local users' internet access)
There is another firewall in front of the pfsense, for security purposes.
The subject I still don't know is this;

Where,why can I download these packages (with additional shared libraries they are dependent on) from any windows computer and then transfer,install them to pfsense?

Thanks

You will need to locate a repository that keeps pre-compiled pkg format *.txz archives of the programs you want to install. That repository will also have to be the same FreeBSD version as your pfSense firewall. Currently the pfSense-2.4.5_p1 release is based on FreeBSD-11.3/STABLE. It may prove difficult to find an 11.3/STABLE public repository of compiled packages. You can use the built-in pfSense package repository as the pkg utility on the firewall is pre-configured to point there. However, that repository may not have all of the packages you want or need. That's because it is geared to supporting only what pfSense and its officially supported packages require.

Another option is create a FreeBSD-11.3/STABLE virtual machine, download and install the portsnap FreeBSD ports tree, and then compile the packages you need yourself into the required *.txz format for later transfer over to pfSense and then manual installation there. However, by the time you go to this much trouble you may as well just install the mysql DB server on that FreeBSD virtual machine (back to my original suggestion).

This is "hard" because it is not a good thing to do, and few if any folks try it. Otherwise there would be a ton of "how-to" links on the web and everyone would have all kinds of other software applications running on their firewalls.

I seriously doubt you will find an easy "click here, click there and presto it's done" way to do what you desire.

Instead of trying to install all this on a pfSense machine, why not use the bare metal hardware running pfSense to run a hypervisor like Proxmox, ESXi, Hyper-V, etc.? Then on the hypervisor you can create a pfSense virtual machine for the Captive Portal function, then create a separate FreeBSD-11.3/RELEASE virtual machine and install the mysql stuff there. Easy-peasy to do that without needing to transfer files around, compile packages yourself, or try to find a compatible public repository of pre-compiled packages.

@kiokoman Thanks, for cleariying

For a Firewall 8G is a LOT in 98% use cases. ;-)

-Rico

While looking for a solution to this, I saw that it is now possible to set the OTP Label by adding a Description in the Users Edit page:

21294a16-3167-474f-9564-339843f24e74-image.png

I'm using pfSense 2.4.5-RELEASE-p1 and freeradius3 0.15.7_20

Requested in Issue:
https://redmine.pfsense.org/issues/8878

Corresponding Pull Request:
https://github.com/pfsense/FreeBSD-ports/pull/779

Solution:
Services > Squid Proxy Server
SSL/MITM Mode: Splice All.

Splice All:
This configuration is suitable if you want to use the SquidGuard package for web filtering.
All destinations will be spliced. SquidGuard can do its job of denying or allowing destinations according its rules, as it does with HTTP.
You do not need to install the CA certificate configured below on clients.
Content filtering (such as Antivirus) will not be available for SSL sites.

@piba said in 2.4.5_1 PHP Error installing HAProxy:

unset($config['installedpackages']['haproxy']);
write_config("fix haproxy install, remove empty config");
print("config fixed?");

By Jove Sir, I think you got it.

I was able to install HaProxy.

@bauerfyr

to automate starting the service, create a wrapper file and place it in /usr/local/etc/rc.d, and you MUST have an extension of .sh, and it'll run. My file is "amazon-ssm-agent-wrapper.sh" and the contents are:

#!/bin/sh
DIR="$( cd "$( dirname "$0" )" && pwd )"
sh $DIR/amazon-ssm-agent onestart

For the LOGGING of ssm agent to cloudwatch (if you are interested) you have to take the wayback machine b/c the ssm agent 2.3.x is so ancient.

go to /usr/local/etc/amazon/ssm, create a new file (start fresh) called seelog.xml (you'll see templates there), sample below. I wanted to split into two separate logs files, but it doesn't look possible.

!--amazon-ssm-agent uses seelog logging -->
<!--Seelog has github wiki pages, which contain detailed how-tos references: https://github.com/cihub/seelog/wiki -->
<!--Seelog examples can be found here: https://github.com/cihub/seelog-examples -->
<!--References to mods: -->
<!--How to add cloudwatch: https://docs.aws.amazon.com/systems-manager/latest/userguide/monitoring-ssm-agent.html -->
<!--For "deep" examples: https://github.com/cihub/seelog/wiki/Example-config -->
<seelog type="adaptive" mininterval="2000000" maxinterval="100000000" critmsgcount="500" minlevel="info">
<outputs formatid="fmtinfo">
<console/>
<!-- <file path="/var/log/amazon/ssm/amazon-ssm-agent.log"/> -->
<rollingfile type="size" filename="/var/log/amazon/ssm/amazon-ssm-agent.log" maxsize="10000000" maxrolls="5"/>-
<filter levels="error,critical" formatid="fmterror">
<rollingfile type="size" filename="/var/log/amazon/ssm/errors.log" maxsize="10000000" maxrolls="5"/>-
<!-- LINE BELOW DOESN'T WORK YET - it gets overwritten by next "cloudwatch_receiver stmt."-->
<!-- <custom name="cloudwatch_receiver" data-log-group="ssm-agent-errors"/> -->
</filter>
<!-- ENTER THE CLOUDWATCH LOG GROUP NAME AFTER 'data-log-group' -->
<custom name="cloudwatch_receiver" formatid="fmtinfo" data-log-group="ssm-agent-log"/>
</outputs>
<formats>
<format id="fmterror" format="%Date %Time %LEVEL [%FuncShort @ %File.%Line] %Msg%n"/>
<format id="fmtdebug" format="%Date %Time %LEVEL [%FuncShort @ %File.%Line] %Msg%n"/>
<format id="fmtinfo" format="%Date %Time %LEVEL %Msg%n"/>
</formats>
</seelog>

@gertjan said in Bind - Setup pfSense as slave DNS server:

your DNS zone has to be fully IPv6 and IPv4

Don't agree with this.. While sure if you have IPv6 then yeah be nice to do that.. But it sure doesn't have to do anything IPv6..

And while I agree you should do dnssec - again not a requirement.. You do not have to setup dnssec - and people using dnssec will still resolve you. Unless you try setup dnssec and you mess it up.. Then yeah if your dnssec fails you won't resolve.

He is trying to show you that yes it gets complicated very quickly.. But when it comes down to setting up a slave. You tell your master what IP are you slaves, and you setup the zones on your slave and tell them the IP of the master.

But he makes a good point about your PTR.. Can you even set that either of your NSers IPs? That really should be set.. Is where you running pfsense even a static IP?

What are you going to do if someone attacks your dns? What are you going to do if someone tries to use your NSers for a amplification attack and you didn't secure for that? What your using for NS should not be recursive.. An authoritative NS should not do queries for other clients. They only should answer for the domains they are authoritative for..

@legtpa what kind of modifications?
maybe new WebGUI checkboxes needed?

You can create a feature request: https://docs.netgate.com/pfsense/en/latest/development/feature-requests.html