Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLee
    @jucelio_rosa Squid has been updated upstream, we're just waiting for it to be merged here. All the issues, security concerns, etc. have been fixed upstream. Per email from Squid community:
    "The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-7.3 release! This release is, we believe, stable enough for general production use. We encourage all users of any previous version of Squid to upgrade to it. It can be downloaded from GitHub, at https://github.com/squid-cache/squid/releases/tag/SQUID_7_3 The main change since version 7.2 is the fix for regression bug 5520 "host or domain with leading digits rejected with ERR_INVALID_URL", along with a handful of other improvements and fixes. Please remember to run "squid -k parse" when testing the upgrade to a new version of Squid. It will audit your configuration files and report any identifiable issues the new release will have in your installation before you "press go". If you encounter any issues with this release please file a bug report at https://bugs.squid-cache.org/"
    This software works so good big tech hates when it's used... HATES it. It's like a giant flashlight on privacy abuses, it like gives Google a heart attack when it's running, so I assume it will be updated here eventually.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARA
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log
    I tried launching it manually:
    # /usr/local/bin/suricata -V
    or
    # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787
    and I get this output:
    ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8"
    Thanks in advance, Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypage
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example:
    /usr/sbin/chown -R nobody:nobody /var/db/ntopng
    However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmatt
    @vicking said in No blocks on IP: Is it a bad idea to have the action set to deny both instead of inbound only?
    Question is squarely for admin. Per the infoblock which explains, in part, the "Deny Inbound", "Deny Outbound", and "Deny Both" actions:
    'Deny' Rules: 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are:
    Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list
    Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction.
    One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction.
    In other words:
    When set to "Deny Inbound", incoming connection requests from WAN hosts are blocked and therefore no state will be created. However a LAN host can still establish state to an otherwise listed IP.
    If set to "Deny Outbound", outgoing connection requests from LAN hosts are blocked and therefore no state will be created. However an incoming connection request from an otherwise listed IP to an 'open' WAN port can still establish state.
    If set to "Deny Both", both incoming connection requests and outbound connection requests are blocked and therefore no state will be created regardless of connection direction.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypage
    @fjmp24 Welcome
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. When the acme-webgui times out the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky, still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    654 Posts
    C
    @luckman212, Thanks for your suggestion. I will check what I have in /usr/local/pkg/tailscale/state, and also the RAM disk settings others have brought up. I could learn more about where Tailscale and pfSense store system files. If I find anything worth sharing, I will let you know.
  • Discussions about WireGuard

    715 Topics
    4k Posts
    A
    Hi again @patient0, Sorry to bother, already added but still the same issue. Laptop can ping the server in the pfsense network but not the Wireguard. Also, Server cannot ping the laptop but can ping the wireguard. Any more suggestions? Thank you,
  • Freeradius error during install "username too long"

    2
    0 Votes
    2 Posts
    395 Views
    jimp
    I'm not sure where that error might be coming from, but it would not likely be relating to a user in the pfSense user manager, but a user in the FreeRADIUS settings. You might need to take a backup, edit out the affected settings, restore that, and then try again.
  • Error message from Arpwatch

    Moved
    6
    0 Votes
    6 Posts
    1k Views
    E
    I have the same problem, how can I solve this problem?
  • 2.4.4 TFTP Server 413 Request Entity Too Large

    5
    0 Votes
    5 Posts
    1k Views
    B
    @Ethereal What was the actual fix action?
  • Pfsense Squid Proxy and Pulse VPN

    2
    0 Votes
    2 Posts
    456 Views
    L
    Just guessing, but if I was configuring a business VPN server for remote access such as Pulse, I'd probably have my server set up to disallow clients connecting through proxies as they break the security.
  • Softether VPN Package

    2
    0 Votes
    2 Posts
    908 Views
    jimp
    No. There is no package for it, and no plans that I am aware of to include it or even to make it available for installation in that way. There is a request open here: https://redmine.pfsense.org/issues/9044
  • Uninstalled packages in GUI menu after restore

    7
    0 Votes
    7 Posts
    2k Views
    Gertjan
    That config file is very comparable with the Windows Registry, or a file system for that matter. Leftovers are not a bad thing, they are just not used any more. The file tends to be somewhat bigger. pfSense settings often get removed or changed during upgrade. Settings - entries in the config.xml - created by packages, on the other hand, are most often not removed when uninstalling.
  • No package available in Available Package

    6
    0 Votes
    6 Posts
    821 Views
    Gertjan
    Yep. That confirms: @Gertjan said in No package available in Available Package: Most known reason: pfSense itself can't resolve anymore. Because: @Gertjan said in No package available in Available Package: Popular expression: you broke the DNS .... so it can't find updates and package information (these Netgate's server IPs are not hard coded in the code, they use URLs). You have the solution already ;)
  • HAproxy SSL termination & Snort

    7
    0 Votes
    7 Posts
    3k Views
    R
    I was thinking about similar setup, haproxy + suricata.
    Frontend: SSL Offloading, Type: http/https Offloading, Public Cert
    Backend: Address+Port 80, SSL no
    Not sure about snort, but suricata can inspect openvpn interface. I would connect webserver via openvpn to pfsense. Traffic would be encrypted within vpn tunnel but it would be still http, which can be fully inspected by suricata. I tested it and it worked, but I am not sure if there is any other security caveat I didn't count with. Of course that vpn tunnel would need to be extra secured.
  • pfSense 2.4.5 MIA?

    9
    0 Votes
    9 Posts
    1k Views
    M
    @jimp Got it! Thanks. Just seemed odd it vanished.
  • Avahi - interface missing

    11
    0 Votes
    11 Posts
    3k Views
    johnpoz
    @mohsh86 said in Avahi - interface missing: I've noticed that Avahi GUI does not list "Virtual IPs"
    Thinking maybe you're not understanding what avahi actually does... It listens on an L2, a VIP is a L3 IP address.
  • Basic FTP server Package for pfSense

    14
    0 Votes
    14 Posts
    6k Views
    Gertjan
    @u444665 said in Basic FTP server Package for pfSense: using Captive Portal which works perfectly, as long as you allow all remaining devices 1 by 1. Normally ..... a captive portal should be run on a dedicated interface (OPTx). Everybody on the 'non-trusted' captive portal interface and up to you if they 'merit' a place on a more trusted LAN (OPTy) interface. Or even LAN - if they are really trustworthy.
  • Syslog-NG Feature request

    2
    0 Votes
    2 Posts
    379 Views
    Gertjan
    Go to [image] and help yourself ^^ Btw: This is the FreeBSD 11.2 => so you wind up using "syslog-ng-3.14.1_1". Netgate (pfSense) does not develop FreeBSD, they 'use' it from FreeBSD.org and take it 'as is' with some packages wrapped up so they can be installed on pfSense using the pfSense GUI. Also: this is a firewall, so priority 1 - 2 and 3 are 'security' and 'stability', so you will never find the latest version nginx, php or whatever other package.
  • Clear squidgard configuration

    2
    0 Votes
    2 Posts
    368 Views
    K
    Any idea please?
  • Mailscanner UNOFFICIAL package for pfSense 2.3.x

    36
    0 Votes
    36 Posts
    10k Views
    Bismarck
    @VenimK Try touch /etc/inc/xmlrpc.inc and rerun the install.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.