pfSense Packages

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Subcategories

Cache/Proxy

Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

3.7k
Topics

20.5k
Posts

O

@viragomann

Thanks for your comments. I'm at work now but I can try to share more details on the configuration later.

The more I think about it, the more I think the problem is not on the HAProxy side. HAProxy is returning subdomains correctly on the LAN listener and I created the WAN listener by copying it.

I'm pretty sure I can set my firewall rules so that the incoming WAN traffic lands on the LAN listener and get the same result.

Leads me to believe it's something to do with how my VPN service provider is forwarding the traffic, or my NAT / firewall rule configuration.

I'm not sure how to troubleshoot traffic getting passed, but getting striped of http headers along the way. Believe I am talking about HTTP, haha to the extent of my knowledge. Will have to come back to dig/nslookup. But the domain is resolving correctly.
IDS/IPS

Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

2.2k
Topics

15.6k
Posts

K

@bmeeks THank you so much will do thanks
Traffic Monitoring

Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

553
Topics

2.7k
Posts

A

@CZvacko said in Telegraf service stops when the physical interface is reconnected or reconfigured:

In the last version 2.7.2 I noticed several times that the Telegraf service stopped working, now I found that it happens when reconnecting the physical interface. Probably also when adjusting interface parameters such as MTU. Is this considered a bug or how to prevent it ? (I have to remember to check it after such actions)

This might be a bug. Check Telegraf logs for details, and configure it to restart automatically by editing its service file:

Restart=always
Restart with sudo systemctl daemon-reload && sudo systemctl restart telegraf. Update to the latest version and report the issue on Telegraf's GitHub if it persists.
pfBlockerNG

Discussions about the pfBlockerNG package

2.5k
Topics

19.0k
Posts

R

@reberhar so I can get to the 3 edit dots on my display. To be deleted later
UPS Tools

Discussions about Network UPS Tools and APCUPSD packages for pfSense

86
Topics

2.3k
Posts

D

@netboy Glad you got it sorted.
ACME

Discussions about the ACME / Let’s Encrypt package for pfSense

476
Topics

2.7k
Posts

T

@killuhbyte Without reviewing /tmp/acme/firewall-cert/acme_issuecert.log to possibly discern more, the script appears to be failing at actually reading the zone file—or failing to match it to what you've entered under "Domainname".

Relevant code:
_debug "First detect the root zone" if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 fi
Without seeing more of your configuration, there's something wrong with the "Domainname", the API Token, or the Zone ID.

How is the token configured on the Cloudflare side?
FRR

Discussions about the FRR Dynamic Routing package on pfSense

279
Topics

1.1k
Posts

M

Found the issue. RPKI is not supported although its an option available.
Dont know why this is a problem in 24.11
I did have RPKI enabled prior.

Spoiler
/usr/sbin/service frr restart bgpd
bgpd not running? (check /var/run/frr/bgpd.pid).
Starting bgpd.
frr_init: loader error: dlopen(/usr/local/lib/frr/modules/bgpd_rpki.so): /usr/local/lib/libssh.so.4: version LIBSSH_4_5_0 required by /usr/local/lib/librtr.so.0 not defined
frr_init: loader error: dlopen(/usr/local/lib/frr/modules/rpki.so): Cannot open "/usr/local/lib/frr/modules/rpki.so"
frr_init: loader error: dlopen(rpki): Shared object "rpki" not found, required by "bgpd"
/usr/local/etc/rc.d/frr: WARNING: failed to start bgpd
[36398|mgmtd] sending configuration
[36518|zebra] sending configuration
[39070|watchfrr] sending configuration
[39648|bfdd] sending configuration
Waiting for children to finish applying config...
[39585|staticd] sending configuration
[36398|mgmtd] done
[39070|watchfrr] done
[39585|staticd] done
[36518|zebra] done
[39648|bfdd] done
Tailscale

Discussions about the Tailscale package

74
Topics

417
Posts

D

Screenshot_20241113_175104.jpg Good day everyone,
Im getting this notification on my pfsense, can someone tell me what is it?
WireGuard

Discussions about WireGuard

627
Topics

3.3k
Posts

T

So I'm finally got around to setting up a VPN to my home network so I can access files and thing on my LAN when I'm away from home. It works quite nicely actually, but I was under the impression all my LAN devices would show up in macOS Finder sidebar like they do at home.

I've setup Wireguard as per this https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html and a lil help from Chat which suggested the same.

I also have Avahi package installed and working with "Repeat mdns packets across subnets" set.

But then I saw this here Re: Avahi mDNS on Wireguard

@cypherpunk AFAIK, the pfSense Wireguard implementation does not support multicast.

But it's still unclear to me.
So would I be correct then in assuming Bonjour will never work on this setup and I should switch the OpenVPN to get the experience I'm after?

E

Snort, SnortSam & Oinkmaster

• • energy

11

0
Votes

11
Posts

6.7k
Views

Q

Just a note

Imho it is easier to operate an IDS on an external device!

marcus
M

About Some Packages Problem

• • macafee

4

0
Votes

4
Posts

2.4k
Views

M

OH,I SEE! Waiting it realease~~~~~~~
Q

Squid (transparent, LAN+OPT) OPT subnet access: Permission denied

• • qriff

4

0
Votes

4
Posts

2.5k
Views

S

It works fine with RC2.

Did you uninstall and then reinstall?
J

Squid in RC2e

• • jahonix

6

0
Votes

6
Posts

3.2k
Views

J

.
…well, reinstalled it 2 times without success.
After that I deleted the package, rebooted and installed it again.

Now it works as expected.

Just to let you guys know...

Cheers

jahonix
C

FreeNAS undefined function problem

• • czappi

6

0
Votes

6
Posts

4.3k
Views

J

Thanks for clearing that up!

I think I will try to install head on a spare comp to experiment with, maybe try to make it dual boot FreeBSD/pfsense so that I can become more familiar with this stuff.
L

Error install HAVP with GUI

• • lluner

2

0
Votes

2
Posts

2.0k
Views

L

logs erros havp ALPHA
0.6 with GUI :

Downloading package configuration file… done.
Saving updated package information... done.
Downloading havp and its dependencies... done.
Checking for successful package installation... failed!

Installation aborted.
K

Problems with Squid and SpamD

• • KiaN

20

0
Votes

20
Posts

7.8k
Views

S

Uninstall and reinstall the squid package.
H

Squid not allowing access on port 88 outbound

• • hillster

2

0
Votes

2
Posts

2.5k
Views

?

You're bumping up against the squid ACLs. Consult the squid documentation and modify your squid.conf appropriately.
S

BSDstats package

• • sullrich

1

0
Votes

1
Posts

2.1k
Views

No one has replied
E

Squid working, but getting some "operation timed out" errors

• • EmanuelG

2

0
Votes

2
Posts

5.2k
Views

C

From the "Better Late Than Never" Department:

Log into the box and use squidclient to query squid for stats:
squidclient mgr:menu
will give you a complete list of available commands.
squidclient mgr:info
is generally the first and most useful query to run.

Look at the statistics related to median response time. Of particular interest will be the time it takes DNS to answer requests. Remember, squid is a proxy, that means that it's doing a lot of work in place of clients. Each request consumes system resources while it's being processed and the longer it takes to complete the transaction the longer those resources are unavailable to handle other requests.

Also, make sure you're using diskd for async I/O, if possible, and that shared mem is tuned properly (if shared mem isn't tuned properly you'll get scary messages about resources being unavailable in the logs). NOTE: diskd can be a pain. If aufs works, use it instead. The last info I read on diskd v. aufs stated that in order for aufs to work on freebsd, threads would have to be able to do non-blocking I/O. I'm not sure about the current kernel, so more research is required.

Don't use the default cache object removal policy, it's slow, inefficient and indiscriminate. Use one of the heap-based policies instead. Choose whichever policy meets your need, the primary distinguishing characteristic being their affinity for object size or age.

Check the squid FAQ for more information.
S

DSpam

• • SatireWolf

6

0
Votes

6
Posts

3.7k
Views

S

Great! We should start a Starbucks fund for the dev's… I know I drank way too much Russian Sludge (no offense to the ruskies, but adding coffee grounds to a basket over and over until you can't close it makes for some interesting coffee) in my day developing grid software for super collider research.

Anyways, I'm going to get a test box or two running. Let me know if there's any other way I can contribute other than submitting meaningful and detailed bug reports. Unfortunately no matter how many Frapa's or Mocha's you drink, it still doesn't make release day come any sooner lol… Keep up the good work guys.
F

Updated packages, incoming breakage, feedback needed

• • fernandotcl

31

0
Votes

31
Posts

17.1k
Views

R

@mrreload:

Ok,
I tried again and I am getting the same thing. Log shows exactly the same as earlier post. I have tried deleteing the havp package file from /tmp, same. Tried to install it with or without squid installed. Tried a fresh install of pfsense, same. Strange thing is I have other packages installed without any issue. Squid and Freeradius.

The same happens for me, even on a new install of pfsense. Here's the error i get for HAVP:

Downloading package configuration file… done.
Saving updated package information... done.
Downloading havp and its dependencies... done.
Checking for successful package installation... failed!

Installation aborted.

Here's the error I get when trying to install CLAMAV:

Installing clamav and its dependencies.
Executing custom_php_resync_config_command()...

It just sits there until I go and close the page after several minutes. Weird thing though is that CLAMSMTP installs fine without any problems.

Thanks in advance...
E

Asterisk

• • Emab

8

0
Votes

8
Posts

4.1k
Views

H

Get a soekris/wrap and throw one of these ready made asterisk images to it. This will only use around 3 watts.
K

IMAP server

• • Kane66

3

0
Votes

3
Posts

2.9k
Views

B

@Kane66:

Hi,

Is there any way to install the IMAP server like dovecot or smth else on PFSENSE with full install (on HDD) ?
I must have IMAP server in my network and i don't want leave PFSENSE which is great for me (stability and superios traffic control) :(

Router with PFSENSE is only computer who work 24h per day :/

Best regards,

You'd also need it to run as a MTA, which would require sendmail or some other MTA installed. Have fun!

–Bill
P

Unable to communicate to pfSense.com

• • prometeo

3

0
Votes

3
Posts

2.8k
Views

P

wan is up because I can navigate and dns are ok… :(
R

Squid error

• • Rich

4

0
Votes

4
Posts

3.7k
Views

B

need help, another error here… it says:

Warning: fopen(/var/squid/acl/throttle_exts.acl): failed to open stream: No such file or directory in /root/solidgateweb/etc/inc/pfsense-utils.inc on line 321 Warning: fwrite(): supplied argument is not a valid stream resource in /root/solidgateweb/etc/inc/pfsense-utils.inc on line 322 Warning: fclose(): supplied argument is not a valid stream resource in /root/solidgateweb/etc/inc/pfsense-utils.inc on line 323 Warning: Cannot modify header information - headers already sent by (output started at /root/solidgateweb/etc/inc/pfsense-utils.inc:321) in /root/solidgateweb/usr/local/www/pkg_edit.php on line 215

what's wrong?:)
E

OpenVPN and 1.0-BETA1

• • ecce

87

0
Votes

87
Posts

59.7k
Views

A

That's great drakan, I'm gonna try it out now. Tried it on friday and the firewall hang. I needed to restore to factory defaults because webconfigurator wasn't reachable through any of the interfaces.

Thanks again for your tests.

BTW: what version where you running? RC1a?
C

ASSP won't work in RC1

• • cavediver

5

0
Votes

5
Posts

3.4k
Views

S

I have no intention on fixing it. Someone else needs to step up to the plate.
E

SPAMD usage guide

• • EmanuelG

2

0
Votes

2
Posts

3.2k
Views

S

Everything in the SpamD package is from OpenBSD's SpamD:

http://www.openbsd.org/spamd/
P

Installing own package (instead of from port collection)

• • Pit

2

0
Votes

2
Posts

2.4k
Views

S

Looks about right to me..

456 / 461