pfSense Packages

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Subcategories

Cache/Proxy

Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

3.8k
Topics

20.6k
Posts

A

@viragomann yeah, it was enough of a nightmare to get this VPN setup originally, anytime you involve TCS in something IT related you can add an extra hundred hours!
IDS/IPS

Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

2.2k
Topics

15.7k
Posts

B

@Alessiottero said in Uknown VLAN Traffic with Suricata IPS Inline Mode:

Ciao @bmeeks, thank you again, I have write right know on the Suricata forum!

If you are interested this is the topic.

Thank you very much again, we will update soon I hope!

I checked on your Suricata forum post. Excellent way to phrase your question. It leaves the focus on why that rule would trigger and does not muddy up the water by mentioning pfSense.

There are several key Suricata developers that frequent the forum. Hopefully one of them will answer soon. I am curious myself about the answer to your question.
Traffic Monitoring

Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

559
Topics

2.7k
Posts

M

@periko I agree with you. Most if not all firewalls today provide some ability to peak into what kind of traffic is flowing through your device.
pfBlockerNG

Discussions about the pfBlockerNG package

2.6k
Topics

19.4k
Posts

W

We have several customers with different VOIP providers who are experiencing high jitter and latency with their VOIP calls. We don't have problem with other VOIP apps like Skype, Teams, Google Meet, etc but I don't think they do voice like VOIP might with UDP 5060, etc.

I'm wondering if anyone else has experienced this. When we disable PFBNG Devel, VOIP seems to work much better.

We haven't gone back to the regular PFBNG, we're using the Devel because it is more full featured.

Thoughts?
UPS Tools

Discussions about Network UPS Tools and APCUPSD packages for pfSense

90
Topics

2.3k
Posts

G

@rdibley said in Linefeed in pfSense email notifications (with Network UPS Tools):

So one more question: if most people don't use the Advanced section (and the users.conf is blank), how does a secondary system connect to the primary? Is it that most people don't define a user/password for monitoring, but that the primary is just open to any secondary system that might want to connect?

I'm using it 😊

b852fa0b-7f4c-4461-8c73-3867487db57f-image.png

The third entry is for my Synology NAS :

And the NAS side :

c67da02f-ce7a-456c-a7e1-fede22ed4b6b-image.png

and done.

I've also installed "Windows NUT Client" on two PC's nearby.
Example : PC 1 with user name "pcrecep1" and password "secret1" :

e41ec81d-1698-431f-98f9-17e142c93132-image.png

Works fine also.
So I've 4 devices protected with one big 1000 VA APC UPS, where pfSense is the NUT 'server' as it has a USB cabled UPS hooked up to it, and now 4 devices are controlled by this UPS instead of one.
ACME

Discussions about the ACME / Let’s Encrypt package for pfSense

484
Topics

2.7k
Posts

G

@istacey said in PHP error installing pfSense-pkg-acme: 0.9_1:

Any ideas?

Yes and no.

It fails because it found something totally not expected thus 'wrong' in your config.xml file.
The solution is easy.
First, export your pfSense config.xml, and have a look.

Here :

d9adbc05-189b-4d95-a9d4-166498da1759-image.png

I have a section, the first, <accountkeys>, this <acmeserver>letsencrypt-staging-2</acmeserver> (with the name "test") that I never use.
"letsencrypt-staging-2" is only useful for testing, as the certificates obtained are not trusted by browsers.

You could even delete this block - the one that uses the "staging" :
<item> <accountkey>LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQ0KTUlJSktnSUJBQUtDQWdFQXRMT...... xbE9ZdXc9PQ0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0NCg==</accountkey> <name>test</name> <acmeserver>letsencrypt-staging-2</acmeserver> <renewafter></renewafter> <errorfiles></errorfiles> <email><![CDATA[gw.kroeb@gmail.com]]></email> <descr><![CDATA[test nsupdate]]></descr> </item>
Save, import back in. Install acme and ... => no more issues <====

What was the problem ?

The second, using "letsencrypt-production-2" is the one used for the real works.
FRR

Discussions about the FRR Dynamic Routing package on pfSense

283
Topics

1.2k
Posts

M

@michmoor said in FRR 10 coming with script support ?:

Yep yep that's right. Sorry for confusing issues.

Np, we need more people engaged in this, FRR is a great software but it is not working smoothly with pfsense IPsec VTIs.
Tailscale

Discussions about the Tailscale package

77
Topics

436
Posts

E

@atlmcw

I had no issues.
WireGuard

Discussions about WireGuard

649
Topics

3.4k
Posts

D

Ohhh i forgot the gateway.

Its working now.

thank you so much.

S

NTOP & Stunnel

• • sullrich

1

0
Votes

1
Posts

2.6k
Views

No one has replied
S

AV + Spam assasin

• • sgnet

4

0
Votes

4
Posts

4.1k
Views

S

@sgnet:

Im now expert on linux or know much about programming, but I am willing to get my hands
dirty and learn something , how would i got about trying to intergrate such packages like spam assasin or even clam av on it

Review/study the existing code:

http://pfsense.com/cgi-bin/cvsweb.cgi/tools/packages/
E

AdZapping with squid

• • eric

2

0
Votes

2
Posts

3.9k
Views

?

AdZapper is a neat little redirector for Squid. Unfortunately squid only supports the use of only one redirector at a time. There is a perl script called zapchain that lets you chain multiple redirectors but its not especially well written and certainly not speedy. A debatably better solution would be to maintain a block list of the various adservers (there are lots of places to find these lits online) as an ACL in your squid.conf. This approach has its own drawbacks as well, so consider each.
S

Nice squid feature

• • sullrich

5

0
Votes

5
Posts

4.5k
Views

H

Not sure what all will be build into the package, but something that makes trading settings easy (maybe similiar to the backup/restore process to be able to restore different sections of settings) :)
M

11/11/2005 - Squid Commit & Changelog

• • Myntric

15

0
Votes

15
Posts

8.9k
Views

?

Posted to the "Squid Errors" thread, it seemed more appropriate. This was just a first-pass at the WebGUI, I'm hoping to give it a more thorough beating tomorrow.
S

Thoughts on reporting/monitoring package?

• • sbn

2

0
Votes

2
Posts

5.2k
Views

J

Pfsense already does most of that stuff. Use the package called Ntop. And enable the rrd tool. Takes heaps of looking around to find everything you want. But if you click on a specific IP there is a little Icon that looks like a graph and it gives you all sorts of stats etc such as what you are looking for (that little icon took me about 8 days to find LOL).

The only problem I have with the Ntop stats is I am unable to view the stats of a PC that has been turned off for a while. I have to wait until it comes back online. I could probably do it manually but I don't really care enough to go to the effort to find out how :).
J

Problem with Ntop and WinSCP

• • Jesse7

3

0
Votes

3
Posts

4.5k
Views

J

Thanks root worked. I did search!

So did I find a bug? with the Ntop thing?

Sorry I'm a bit usless.

I edited the XML file /usr/local/pkg/ntop.xml

But I am not sure how to make it "work". When I reinstalled ntop if overwrote this file. I was browsing for ages trying to find the "master" file.

Sorry aagain :), I'm slowly learning how to do it for myself.
M

Squid Package

• • Myntric

3

0
Votes

3
Posts

5.5k
Views

M

Yes. Initially, I did not know any PHP so this was a learning experience for me. Now that I have a little better experience, I'm cleaning the code. In addition to cleanup, I'm adding and testing the various the authentication options such as:

Local Authentication

RADIUs

LDAP

Domain

The first hurdle was that the squid_rad_auth port did not exist for FreeBSD so I had to take ownership (http://www.freebsd.org/cgi/query-pr.cgi?pr=87858) that so pfSense can support it. I anticipate a hopefully more stable release out very soon so I can move onto adding squidGuard and other packages that work in conjunction with it. The community can help by continuing to report bugs and if anyone is a coder and has a better or more efficient way to do something, please let me know as I want this package to be as solid as possible. Thanks!

Mike

462 / 462