1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version ?
    The instructions are shown here :

    1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

    A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
    link text

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

Log in to post
Load new posts
  • T

    Pfsense Icinga2 package

    1
    0 Votes
    1 Posts
    531 Views
    No one has replied
  • E

    syslog-ng - send logs using TCP and TLS

    4
    0 Votes
    4 Posts
    770 Views
    bmeeksB

    @e-1-1 said in syslog-ng - send logs using TCP and TLS:

    @bmeeks first of all, thanks for all the work you're doing with Suricata!

    Yup, manual config is possbile with syslog-ng. Myself, I prefer to use GUI methods to minimize errors and configuration drift.

    I was sincerely hoping a GUI method is available. Am already using such a setup, but with Barracudas.

    Guess a feature request is in order for this.

    Or learn a little PHP programming know-how (if you don't have it already) and create a package for this feature. Become a volunteer package maintainer. That's what I did for Snort (when I took over its maintenance) and later when I created the Suricata package. That's the beauty of open-source software.

  • M

    Freeradius (possible login times)

    2
    0 Votes
    2 Posts
    280 Views
    GertjanG

    hi,

    This, Authenticating OpenVPN Users with FreeRADIUS, tells me that Authenticating works. What you want, is Accounting, as is used by the Captive portal, enforced by the Interim option.
    Simply put, I guess, this isn't possible - not present in the GUI.

    See also https://networkradius.com/doc/3.0.10/raddb/mods-available/logintime.html

    If there is a way, it would be some setting (script ?) on the OpenVPN server side that should be called every xx seconds, so it can question FreeRadius if the actual logged in user is still allowed to stay logged in.

    Plan B : on the OpenVPN interface you put firewall rules. Schedule them in time ?

  • S

    Telegraf coredump on Netgate 1100.

    Locked
    2
    0 Votes
    2 Posts
    286 Views
    ?

    Hi,

    That was me in Support. Unfortunately, this is not what I meant. Please check the ticket and I will provide help to get the redmine bug created. The community will not be able to provide help to resolve this issue for you on the forum, this issue will need to be worked through redmine. I will lock this thread now.

    Thank you,

    -James

  • P

    pfBlocker with Blocking Notice?

    9
    0 Votes
    9 Posts
    1k Views
    noplanN

    whatpackage do u use ?
    i use

    83ec0e31-58f3-487d-8197-f296df4baed3-grafik.png

  • andrewKA

    BIND DNS stops working 2-7 hours after reloading [SOLVED]

    10
    0 Votes
    10 Posts
    1k Views
    andrewKA

    SOLVED: I have a Cisco SG-350 downstream of the pfSense box(es). The problem definitely resided there.

    I had EEE turned on on the Cisco SG-350.

    The were no obvious other symptoms of this besides just port 53 on the native VLAN for the trunk between the SG-1100 and the Cisco SG-350, going down randomly within 24 hours. (more substantial test revealed that failure occurred as little as 10 minutes and as much as 21 hours)

    ~A

  • S

    Telegraf not sending some values (host, interfaces, etc)

    1
    0 Votes
    1 Posts
    185 Views
    No one has replied
  • M

    CLI installed pfsense packages not showing up in GUI

    12
    0 Votes
    12 Posts
    6k Views
    DerelictD

    You would probably get a better response starting your own thread with a complete description of exactly what YOU are doing and seeing.

  • A

    is there a plan to exchange haproxy with nginx

    2
    0 Votes
    2 Posts
    202 Views
    P

    If you want to create a nginx package, i think your welcome to do so. I'm sticking with haproxy package for the moment. And then still there is no reason i can think of to 'exchange' one for the other, they could both co-exist as pfSense-packages on the same installation.

    my 2 cents.. Regards, PiBa-NL

  • L

    VPN subcategory

    7
    1 Votes
    7 Posts
    899 Views
    jimpJ

    The userland application is a dead end. Not worth expending effort on. It can never perform up to standards, and has had stability issues.

  • D

    Can't install openvpn-client-export - RESOLVED

    6
    0 Votes
    6 Posts
    4k Views
    D

    All,

    I've been able to get it installed. Apparently my internet connection was so slow that the web interface was timing out before it could download it in time. I was able to get it installed using the command line instead. Next I need to work out why my internet has gone to crap.

    Thanks all.

  • O

    tinc - uninstall leaves behind interface "pkg_tinc" in firewall rules

    2
    0 Votes
    2 Posts
    162 Views
    jimpJ

    I believe it's just an entry under Interfaces > Assignments on the Interface Groups tab.

  • senseivitaS

    What are the firewall rules to allow traffic to Avahi?

    Moved
    1
    0 Votes
    1 Posts
    271 Views
    No one has replied
  • V

    sg-1100 - Recommend Must have Packages

    1
    0 Votes
    1 Posts
    174 Views
    No one has replied
  • O

    syslog-ng not starting

    4
    0 Votes
    4 Posts
    2k Views
    kiokomanK

    @oleg-blecher said in syslog-ng not starting:

    Undefined symbol "g_ptr_array_find_with_equal_func"

    if you have that error after the update it means that everything was not successful

    try from console

    pkg install --force glib-2.56.3_7,1

    or backup your config and do a clean install of 2.4.5 and restore

    that error it's due to a mismatch between lib and syslog-ng

  • S

    Arpwatch vendor database doesn't work, upper/lower case bug.

    2
    0 Votes
    2 Posts
    395 Views
    kiokomanK

    indeed someone asked for it on freenode. and i verified it was not working.
    we can set that to lower or to upper or set the preg_match case insensitive 🤷
    anyway it will be ok in a few days

  • D

    My OpenVPN Client Connects, But....

    4
    0 Votes
    4 Posts
    2k Views
    bmeeksB

    I agree with @johnpoz. Looks like the OP is attempting to install and use the OpenVPN client package on a Windows 10 box either without using, or perhaps by not having access to, administrator permissions.

    Is this Windows 10 domain box perhaps at an office and employees do not routinely have local administrator permission? That would be a typical corporate setup, for sure.

  • D

    Error Attempting to Install OpenVPN Client Package on Windows 10

    8
    0 Votes
    8 Posts
    675 Views
    johnpozJ

    Well you got no route.. Did you run as admin?

  • L

    LCDproc with LK204-7T-1U

    1
    0 Votes
    1 Posts
    202 Views
    No one has replied
  • B

    Cron package suggestion

    Moved
    1
    1 Votes
    1 Posts
    262 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.