1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too: Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or atleast something different than the public domain your using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud. This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    V
    Ah, I changed the action to deny both and now I also have a wan firewall rule, which I also had on OPNsense. With this wan rule I can see the blocks already coming now! Is it a bad idea to have the action set to deny both instead of inbound only?

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    654 Posts
    C
    @luckman212, Thanks for your suggestion. I will check what I have in /usr/local/pkg/tailscale/state, and also the RAM disk settings others have brought up. I could learn more about where Tailscale and pfSense store system files. If I find anything worth sharing, I will let you know.

  • Discussions about WireGuard

    715 Topics
    4k Posts
    S
    @LaUs3r Yeah, I added those IPs, but after restarting pfSense, the WireGuard status says “handshake failed.” Also, when I do nslookup us-bos.prod.surfshark.com, I get two different sets of IPs. For example: • The first time I get 43.225.189.108 and 43.225.189.118 • The next time I get 149.40.50.216 and 149.40.50.290 So I was wondering can I add both sets of IPs, and put a “0” at the end of each, and use /24 for both IPs? I reached out to Surfshark support, and they sent me their official pfSense WireGuard setup guide see the guide here in the guide they mention 10.14.0.2 for static routes
Log in to post
Load new posts
  • G

    SSDP packets across vLANs.

    3
    1 Votes
    3 Posts
    988 Views
    johnpozJ
    @girkers said in SSDP packets across vLANs.: HA is broadcasting to 255.255.255.255:9999 9999 is not SSDP... That must be something specific to tplink. That is broadcast sure, but its not SSDP. Can't you just manually enter the IP address of the devices?
  • kiokomanK

    Telegraf Working plugin list

    3
    1 Votes
    3 Posts
    1k Views
    kiokomanK
    haproxy https://github.com/influxdata/telegraf/tree/master/plugins/inputs/haproxy [[inputs.haproxy]] servers = ["socket:/tmp/haproxy.socket"] the socket is already created by haproxy package
  • P

    ng_etf

    7
    0 Votes
    7 Posts
    923 Views
    T
    I believe he is referring to assigning those NICs as interfaces in pfSense (e.g. through the Web Gui -> Interfaces -> Assignments). You should only have the WAN (ngeth0) a LAN (that is not the one the RG is hanging off of), and any other OPT interfaces you may have (that are not igb0/igb1).
  • N

    problem. installed pfsense

    2
    0 Votes
    2 Posts
    392 Views
    GertjanG
    Hi, The answer starts here : https://www.pfsense.org/download/ Where did you get that old version from ? Surely not the official source. Now you know that you use an old pfSense version, you're close to the final answer : when a new version comes out, there are some notes. See here https://www.netgate.com/blog/pfsense-2-4-5-release-p1-now-available.html and focus on "Upgrade Notes". You will find Do not update packages before upgrading pfSense! Either remove all packages or do not update packages before running the upgrade.> So : upgrade pfSense first. That's easy as it can upgrade itself. Visit the pfSEnse dachboard : it will tell you it needs an update. If you want to use packages, that's not some optional choice any more. So, go ahead. Again, read the Notes first. Always. For every new version. For ever. Then installing packages won't be an issue any more. Btw : see it like this : do not install a "Windows 10" app on a "Windows 7 or 8" PC. That won't work. Added to that : packages are mostly written by volunteers. The always 'support' the latest version, not all the xxx older versions (to much work).
  • K

    help me plese!!!

    2
    0 Votes
    2 Posts
    431 Views
    RicoR
    The full doc is here: https://docs.netgate.com/pfsense/en/latest/book/ Netgate hangout about RADIUS and LDAP: https://www.youtube.com/watch?v=n2Z3rr4W2xw -Rico
  • K

    how can i increase disk space of my pfsense VM

    5
    0 Votes
    5 Posts
    6k Views
    jimpJ
    Upgrade to 2.4.5-p1. It's a VM, there is no reason to stay on such an old version. If it's a 32-bit VM, you'll need to make a new 64-bit VM and redeploy, and when you do, just give it a larger disk. Alternately: Increase the size of the disk in the hypervisor touch /root/force_growfs Reboot the VM I can't remember when that was added, might have been after 2.3.x.
  • K

    Snort is causing issue

    2
    1
    0 Votes
    2 Posts
    365 Views
    NogBadTheBadN
    Check your DNS is working, also you really need to update to 2.4.5-p1.
  • SpearfootS

    Has anyone ever gotten stunnel to work?

    1
    0 Votes
    1 Posts
    207 Views
    No one has replied
  • D

    Pfsense Squid Proxy web filtering issues

    3
    0 Votes
    3 Posts
    420 Views
    D
    Yes, it's third party plugins but after installed squid plugins then issues will be occurs not showing squid proxy web filtering options on services of pfsense [image: 1597388131187-pfsense.1..jpg]
  • D

    Bind

    3
    0 Votes
    3 Posts
    473 Views
    D
    @Gertjan I played with the freeze and thaw, then figured it was time for a step back. Uninstalled Bind Cleaned all the files /cf/named/* /usr/local/etc/named /etc/named/ did a reinstall of package Rebooted STopped Bind Layed out the zone Started Bind (An things worked) I think part of the trick was to configure zones with bind stopped) But hard to tell, thank yo for your advice
  • S

    Using zabbix-proxy with multiple networks

    1
    1 Votes
    1 Posts
    431 Views
    No one has replied
  • perikoP

    (SOLVE)Small UPS working USB?

    1
    1
    0 Votes
    1 Posts
    215 Views
    No one has replied
  • K

    CRON doesn't run my script

    7
    0 Votes
    7 Posts
    920 Views
    jimpJ
    pfSense does not include the bash shell by default. If that isn't a plain sh script, then you have to install bash and explicitly run it through bash. For example, pkg install -y bash and then change the shabang line to #!/usr/local/bin/bash.
  • A

    Quagga OSPF neighbor adjacencies using IPSEC/VTI

    1
    1
    0 Votes
    1 Posts
    152 Views
    No one has replied
  • D

    Possible memory leak in nut package?

    2
    0 Votes
    2 Posts
    414 Views
    S
    Hello, I seem to be running into the same thing, and can confirm that it seems to be related to using Nut. I have 9 SG-3100's that don't have UPS's so don't run Nut. And 6 that are hooked up to cyberpower UPS's and use nut + usbhid to monitor the UPS. Two firewalls locked up today out of memory after 13 days of uptime. I am using memdisks on all of them, so I probably have less available kmem than the poster, so my lockups are happening faster. Sample of sysctl vm.kmem_map_free on firewalls not running nut All have ramdisk setup for /tmp and /var 2.4.4-Release-p3 vm.kmem_map_free: 110714880 2.4.5-RELEASE-p1 vm.kmem_map_free: 3776512 2.4.5-RELEASE-p1 vm.kmem_map_free: 4608000 Sample of values for 2.4.5-Release-P1 SG-3100 that are running nut vm.kmem_map_free: 4722688 (Nut enabled) vm.kmem_map_free: 1785856 (Nut disabled???) Here is the value of a 2.4.5-Release-p1 SG-2220, same amount of system ram, but vastly different numbers. vm.kmem_map_free: 1999176794 I'm also running arpwatch on the firewalls that have Nut, I just tried disabling arpwatch, and that freed up quite a bit of kmem? So the reason I hit this issue faster may also be because arpwatch uses more kmem.
  • iorxI

    Package idea: Autoconfig of site-to-site VPN using other ends backup configs as source?

    1
    0 Votes
    1 Posts
    249 Views
    No one has replied
  • A

    Open-VM-Tools 10.1.0_2,1 to 10.1.0_3,1. upgrade fails

    13
    2
    0 Votes
    13 Posts
    1k Views
    jimpJ
    It's this: https://redmine.pfsense.org/issues/10610 In your case the upgrade never fully finished because the same problem affects quagga so it was sitting there waiting on quagga to complete still. We're still working on that problem.
  • D

    Block vpn connection on port 443

    14
    0 Votes
    14 Posts
    2k Views
    DaddyGoD
    @Gertjan said in Block vpn connection on port 443: Not everybody uses OpenVPN. I agree.... ExpressVPN also uses several connection methods depending on the point from which it starts.. router usually OpenVPN ExpVPN app usually IKEv2 + EAP etc....
  • F

    FreeRadius problem

    2
    1
    0 Votes
    2 Posts
    548 Views
    GertjanG
    " Package is configured but not (fully) installed or deprecated " means that lines shown in reds are packages that are ot (fully) installed or deprecated. Your FreeRadius is installed and up to date, so not shown in red. Your issue is purely configuration. I advise you to stop Freeradius in the GUI? Open up the console (SSH access is the one to use now). Option 8. Start freeradius with : radiusd -X and you will see all the details. The ones printed red mean : no good.
  • K

    pkg-static: Cannot get an advisory lock on a database

    2
    1
    0 Votes
    2 Posts
    552 Views
    GertjanG
    As said here. Also, do a reboot to put things straight.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.