1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    H
    We installed haproxy on Netgate 8200 device 25.07.1-RELEASE (amd64) installed acme certificates and get certificate from letsencrypt, everything ok. checked ssl offload in frontend and selected the acme generated certificate under SSL Offloading. result after Apply Changes: Errors found while starting haproxy [NOTICE] (72045) : haproxy version is 2.9.14-7c591d5 [NOTICE] (72045) : path to executable is /usr/local/sbin/haproxy [ALERT] (72045) : config : Couldn't open the ca-file '/var/etc/haproxy_test/clientca_WAN_117.pem' (No such file or directory). [ALERT] (72045) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:15] : 'bind x.x.x.x:443' in section 'frontend' : 'ca-file' : unable to load /var/etc/haproxy_test/clientca_WAN_117.pem [ALERT] (72045) : config : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg [ALERT] (72045) : config : Fatal errors found in configuration. also package _devel has the same issue. on other boxes where haproxy was configured on 24.11 - upgraded to 25.07.1 its working. BUG ?? so what can we do now -bolded text we need this function. thank you all in advance

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    B
    @Greyhat I think it's useful to work with what we've got and figure something out for the (i hope) edge cases later. So for the JSON I figured you can actually use an existing suricata integration by co-opting their pipelines.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @netboy Well then it would seem that you've successfully resolved your root issue. Nice work.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    johnpozJ
    @netboy do you have this docker available - this is actually pretty slick. I didn't think about monitoring the one connected to my nas.. It monitors it for shutdown of the nas, but it be nice to see such info off of it. I have one behind my tv I monitor with pi I have connected, that is my ntp server as well. I keep meaning to put another pi I have for the one in my av cab to monitor that one - just haven't gotten around to it. I have 4 total in the house of the cyberpower ones.. Be nice to throw them all into 1 place to monitor.. One I monitor on my pc, with misc network gear plugged into that, one my nas monitors for its own use, pretty sure the pfsense is on that ups along with my APs I think - but didn't think of turning on its server function and point pfsense to it. You have inspired me to to a better job of monitoring mine.. Mine are all cyber power 1500s, would have to double check models but I know at least 2 of them are the cCP1500PFCLCD I think your docker would be perfect for my use as well.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    92 Topics
    638 Posts
    L
    @Vad-B Interesting indeed! I just tried to fill the Pre-authentication Key with file:/dev/null. I get an crash in pfsense after some time, but when I login again is saved. For me this for after service restarts at least this solves it, including the issue with the routes not being advertised even set in the WebUI. Havent done an full restart of pfsense (yet)

  • Discussions about WireGuard

    712 Topics
    4k Posts
    D
    I feel like I’ve followed every guide there was. I was able to get nordvpn via wireguard on my pfsense but for the life of me I can’t get my own wireguard server working. I can’t even get a handshake. I have all the firewall rules mentioned, the gateway, interfaces. Etc. I got no clue what to do at this point. Can anyone please help? I’ll provide any information required I just don’t even know where to start I’ve tried every YouTube video possible and guide it’s strange. I was able to get nordvpn working but I can’t get my own.
Log in to post
Load new posts
  • jahonixJ

    NTP server

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    H
    Firewallrules always work for incoming traffic at an interface. You don't have to allow traffic passing out on any interface. So basically the pfSense itself is allowed always to go anywhere (in case you use the dns forwarder).
  • B

    What is package logs??

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    S
    Yes there are, but I cannot recall which ones.
  • A

    RADIUS manager

    Locked
    14
    0 Votes
    14 Posts
    11k Views
    S
    @almedin: OK, but this is not something that i want… please see that functionality in RadiusManager (www.dmasoftlab.com) - that's something I would like to see in pfsense Start a bounty then.
  • H

    Ntop service stops when activating lan

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    J
    Usually I only want to listen on the lan anyways so I hard card the flag -i (interface name) into the rc.d file.  Then ntop will start using the lan interface.
  • J

    FreeRadius User Import ?

    Locked
    3
    0 Votes
    3 Posts
    8k Views
    J
    I think I got it, in VI it was showing some escapce characters improperly.  When I used the built in editor in PFsense and removed them it read the file.  I also pointed radius to a different user file in freeradius.inc and radiusd.conf so they would read the file I'm going to generate.  If I'm not mistaken this will effectively break the gui user admin and allow me to work with just the text file anyways…?  Kind of ghetto but it should work right?
  • N

    Anyone working on a DNS/BIND package?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    H
    Have a look at the tinydns*.png's at http://pfsense.com/~sullrich/pics/?M=D . It's an upcoming package that is under developement atm.
  • J

    FreeRadius won't start (differs from MaxC post)

    Locked
    26
    0 Votes
    26 Posts
    10k Views
    J
    Well here is the update on the radius package: Install Package go to terminal issue: pkg_delete freeradius-1.1.3_1 (some errors about not being to delete everything will come up, that's fine) pkg_add -r freeradius start the service, done deal Sorry I don't know more than that but it should make it easier for the problem to be fixed, thanks to everyone who helpmed me out.
  • S

    Squid: –enable-snmp ?

    Locked
    8
    0 Votes
    8 Posts
    5k Views
    T
    Cool, thanks !
  • T

    Spamd - unable to start service

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    T
    @Tabun: Hello, i've installed the spamd package from the package manager, but i'm not able to start the service. In the Status-> Services window shows "stopped", if i click on start service button i'll become the message "spamd started" but nothing goes on and the status is still stopped. I've uninstalled and reinstalled the package, but have the same problem. Thank for any help.. (pfsense V. 1.01 (Full install), spamd version 4.3) Solved now
  • J

    Making a package turn op on Diagnostics: Package logs

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    J
    this is the package that you can install from pfsense i have maked it stop and then start with the logging options
  • A

    SpamD - Greylisting

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    R
    Whats meant to happen(mine doesn't even work) is: Black list and greylist IP addresses get sent to the pfsense box on port 25. It whittles away their time and resources. Once it has met the conditions to be allowed to send(time, connections etc), it's meant to whitelist the IP address of the sender and then port forward directly to your specified mail server. This means spammers never touch your server and waste it's resources. It's a great solution. I haven't gotten this working yet but i would love to get this working. I can't troubleshoot it that far as I don't have the know how :) I never had somebody else with the same issue that I had so I could never compare.
  • N

    Spamd issues

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    R
    Once you hit the whitelist its meant to redirect your connection to port 25. I could get it to open port 25 on a grey or blacklist but as soon as it hit whitelist, no connection on port 25 for that whitelisted IP address.
  • K

    Snort core dumped ( promiscuous mode disabled )

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    Y
    Update to the latest snapshot: http://www.pfsense.com/~sullrich/1.0.1-SNAPSHOT-12-14-2006/
  • P

    Core dumping on NTOP now SNORT's Fixed

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    Y
    @redseawireless: 2 Gigs with Quad processor and still taking a crap! I am processing traffic across my wireless network covering over 150 square kilometers! On a average day 3000 to 3800 users! CPU Load 6 to 8 percent! Memory at 1 to 2 percent! Plenty of room to run Snort and Ntop on same machine! Do you have any relevant info on this matter? You're going to have to give more information. Be specific in telling us your testing methods. What version of pfsense are you on? Also show us log outputs when ntop goes down, etc. I've been running snort and ntop for weeks now with no problems.
  • H

    Ntop not working with 1.0.1

    Locked
    10
    0 Votes
    10 Posts
    4k Views
    G
    Not sure if this helps, but I had a similar issue that was caused by special characters in the ntop admin password.   I have verified that the following special characters do not work: &)=%#!?}]   These special characters do work: (^$@~<>{[ Those are the only characters I had the time to test.
  • A

    Where is squid package?

    Locked
    21
    0 Votes
    21 Posts
    10k Views
    H
    Mail it to coreteam@pfsense.com .
  • H

    LDAP, Squid and multiple NICs

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    M
    You have a bounty!
  • U

    Not all the packages in 1.01

    Locked
    10
    0 Votes
    10 Posts
    4k Views
    U
    I'll keep you informed. As for now I have squid working, but I had to NAT all proxy packages to the WAN adres where squid is listening, for this test it works fine, but I don't want to enable a proxy server for the whole world. Also squid is running fine, but at this moment I don't run squid as daemon (I want to see what's going on in the test envoirment)
  • M

    Starting daemons without writing a package

    Locked
    7
    0 Votes
    7 Posts
    32k Views
    M
    I've done it now thanks ;D I changed the enable:NO to YES in the shell script so that it always starts up by default. Thanks for the XML explanation as well.
  • Y

    Editing snort rules

    Locked
    40
    0 Votes
    40 Posts
    15k Views
    C
    Well it's an IE thing…..seems to work fine in firefox.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.