1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    H
    Hello all, please dont shoot me on sight, im one of those who kinda set up things by following tutorials and actually see things how they look like on screen. And English is not my native language either. I setted up HAProxy with pfSense package for Nextcloud which works as VM at ip 192.168.1.214. It has self signed cert. I created ACME with Porkbun as wildcard and all that works totally fine. BUT i have big issue which i dont know how to solve. When im acessing by nextcloud.mydomain.xx in LOCAL LAN it serves page fine, but it uses self signed cert. Will someone, please, by example show me how to create working rule which will force pfSense to serve 192.168.1.214 and all its translation or whatever exclusively outside? Bare in mind that 214 has to be able to lurk in 192.168.1.0/24 also, since data storage is served by NFS on TrueNas. 192.168.1.1 (pfSense IP), 192.168.1.214 (Nextcloud IP) All works fine from outside, but from local LAN it bypase HAProxy, and serve nextcloud internal cert with correct domain name nextcloud.mydomain.xx . Well it seems that only bypas cert part since domain works. Somehow it resolve. This is what dig command does from local lan: ;; ANSWER SECTION: nextcloud.domain.xx. 3600 IN A 192.168.1.1 nextcloud.domain.xx. 3600 IN A 192.168.1.214 ;; Query time: 0 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP) ;; WHEN: Thu Oct 30 08:48:37 CET 2025 ;; MSG SIZE rcvd: 83 Main problem here is that Nextcloud app go stuck when we are on local network. It does not work since it gets different cert. It does not even ask do we want to accept it or not. Even if does it will be bit weird to do that every time we come home. Many thnx in advance!

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    B
    @Greyhat I think it's useful to work with what we've got and figure something out for the (i hope) edge cases later. So for the JSON I figured you can actually use an existing suricata integration by co-opting their pipelines.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @dma_pf Debt collector, or debt relief service?

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @netboy said in Docker container for nut server?: I am NOT installing docker in pfsense - offcourse this is a big security risk - I agree !!! My apologies. I interpreted your earlier question I think i need to explain what i am asking for. I am fully aware if your netgate router is attached to an UPS you can configure netgate. Let us say you 5 UPS's in your home and you want nut server to read all the UPS's and show me a dasboard about the status of all the UPS's ? - Is there a ready made docker container for client server nut with dashboard functionality? as a request to have something running on pfSense, which is why I responded I believe most people would say that the type of thing you are asking for isn't something you want to run on your firewall. I recommend using a general purpose operating system behind the firewall instead. Mutual misunderstanding I guess. If you want to explore general NUT monitoring, and not something particular to pfSense, I would recommend the NUT Users list as a better place to seek information.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    92 Topics
    638 Posts
    L
    @Vad-B Interesting indeed! I just tried to fill the Pre-authentication Key with file:/dev/null. I get an crash in pfsense after some time, but when I login again is saved. For me this for after service restarts at least this solves it, including the issue with the routes not being advertised even set in the WebUI. Havent done an full restart of pfsense (yet)

  • Discussions about WireGuard

    711 Topics
    4k Posts
    D
    Hello, I’m wondering if it’s possible to have a private vpn wireguard server on pfsense and to also have a personal wireguard server such that friends can link to your pfsense network but also be under the private vpn, nordvpn for example. Is that possible to with routing?
Log in to post
Load new posts
  • buggzB

    Official Wazuh agent support?

    2
    2 Votes
    2 Posts
    453 Views
    B
    @buggz I second this. It would make things much easier than enabling the FreeBSD repos, if that still even works. I might end up giving it a whirl with one of my internal fws. I've also considered the syslog route but the agent seems like it may provide more info/customization etc.
  • A

    Pfsense new install no software packages available

    38
    0 Votes
    38 Posts
    27k Views
    B
    Thanks for all the replies. I ran the upgrade in the command line pfSense-upgrade -y and am on 2.7.2 now. All packages seems to be populating again.
  • fireodoF

    LCDproc

    5
    1
    0 Votes
    5 Posts
    374 Views
    fireodoF
    Hi, there is another problem with LCDpros 0.12_1 (beside the increase processor activity since the update 12-13.05.24) when there is a Gateway latency problem or the WAN gets unexpectedly down, Aug 6 04:28:48 rc.gateway_alarm 23648 >>> Gateway alarm: WAN_PPPOE (Addr:217.xxx.xxx.xxx Alarm:0 RTT:9.355ms RTTsd:.223ms Loss:5%) LCDProc is flooding the log with this: Aug 6 04:30:03 php 25120 lcdproc: Connection to LCDd process lost () Aug 6 04:28:55 php 25120 lcdproc: Connection to LCDd process lost () Aug 6 04:28:54 php 25120 lcdproc: Connection to LCDd process lost () Have a nice day, fireodo
  • O

    LCDproc totally broken in 0.12_1?

    3
    0 Votes
    3 Posts
    256 Views
    fireodoF
    Hi, there is another problem with LCDpros 0.12_1 (beside the increase processor activity since the update 12-13.05.24) when there is a Gateway latency problem or the WAN gets unexpectedly down, Aug 6 04:28:48 rc.gateway_alarm 23648 >>> Gateway alarm: WAN_PPPOE (Addr:217.xxx.xxx.xxx Alarm:0 RTT:9.355ms RTTsd:.223ms Loss:5%) LCDProc is flooding the log with this: Aug 6 04:30:03 php 25120 lcdproc: Connection to LCDd process lost () Aug 6 04:28:55 php 25120 lcdproc: Connection to LCDd process lost () Aug 6 04:28:54 php 25120 lcdproc: Connection to LCDd process lost () Have a nice day, fireodo
  • M

    Troubleshooting telegraf - influxdb

    3
    0 Votes
    3 Posts
    3k Views
    F
    Might help someone, I had similar issues, but it turns out my pfsense didn't trust the self signed CA that signed the influxDB cert. Found out by stopping the service: ps aux | grep tele kill -9 <PID> And then running telegraf manually: /usr/local/bin/telegraf -config=/usr/local/etc/telegraf.conf Note that the service restart/stop buttons in the web gui did not work for me, only the start button (which shows up after I killed the process)
  • K

    isc-bind package upgrade

    4
    0 Votes
    4 Posts
    529 Views
    K
    @allxi said in isc-bind package upgrade: https://github.com/pfsense/FreeBSD-ports/commit/279801056eb46b74ce3828a77a7b679225817a2d#diff-a69ffe76fc45ab53d7931b2ee22b96681a82a9ef3245d8ea08eb0a217db0bb60 Thanks (sorry for the delayed response) However its great we have this but this doesnt show when it will hit CE at all, as this commit was 2 years ago, but 9.16 is still in CE
  • T

    Changing VnStatd max bandwidth limits for specific interfaces in 2.4.5-RELEASE-p1

    3
    0 Votes
    3 Posts
    1k Views
    P
    While looking for something else I found that I also have similar messages in my syslog. Looking further I found this recommendation for the vnStat package: "Every NIC is added on install. So if a NIC is added (or removed) on the firewall, remove the package and install again. If the firewall has data for a NIC vnStat will report the data even if the NIC has been removed. A reinstall of the package will not change this as the firewall has data pertaining to the non existent data and thus other packages such as vnstat2 will report the data it has or has found." Link: https://docs.netgate.com/pfsense/en/latest/packages/traffic-totals.html Indeed I changed my hardware and restored the configuration from the old one. Some NICs changed from 1Gb to 10Gb. However, after removing and installing the package I see this in the log: Monitoring (10): tun_wg0 (1000 Mbit) pppoe1 (1000 Mbit) pfsync0 (1000 Mbit) pflog0 (1000 Mbit) ix1 (10000 Mbit) ix0 (10000 Mbit) igb1 (10 Mbit) igb0 (10 Mbit) enc0 (1000 Mbit) em0 (1000 Mbit) And it's incorrect. My pppoe1 sits on ix0 and my fiber speed is 3/3Gbps, so higher than 1000Mbit vnStat thinks. Also igb0 and igb1 are 1000Mbit, not 10Mbit (they are not assigned yet, though). I suppose the log messages we see are no more than a minor nuisance but is there a way to assign correct interface speeds for vnStat or disable these messages?
  • P

    Performance with widget Speedtest by ookla

    3
    0 Votes
    3 Posts
    356 Views
    P
    @Gertjan Thank you! I Understand activities use resources, but if we have 50%+ cpu idle, probably not causing a problem? Or is that misleading? I have the exact same hardware pfsense firmware/software all with the same speedtest gui in 3 different ISP/locations. One location I have ATT Dedicated Fiber (new Install) that basically has zero network load but speed tests are all over the map (and large majority of tests are below the 90% minimums) The other 2 locations have a lot of network traffic, have shared fiber and they are much more stable than the ATT dedicated fiber. Since I have those three comparisons, I feel that proves the issue is with the ATT Dedicated fiber service. Yes or No / Agree disagree? Thanks!
  • T

    pfSense Repository down?

    6
    0 Votes
    6 Posts
    2k Views
    GertjanG
    @SteveITS said in pfSense Repository down?: https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#packages-netgate-com-has-no-a-aaaa-record Correct, no A or AAAA record. This time SRV records ("server records ?") are looked for. This is probably is, I'm just thinking out loud : everything is fine, but DNS isn't. pfSense can't call out for self. Seen that before, and I never understood how people to so. Default 'Netgate' DNS settings work, as I've shown above.
  • D

    no Available Packages in Package Manager

    7
    1 Votes
    7 Posts
    891 Views
    K
    @dhenzler THANK YOU for posting this!!!! I had been fighting this (and losing) for months now but, ran across this thread today and decided to try it out. It WORKED!!! At first I was more confused because I went to the system update and it showed the version 2.7.2 BUT, didn't give me an option to do the update from 2.7.0. I ran the certctl rehash in the Diagnostics/Command Prompt box which then let me access the update. And even before I ran the update I tested to see if the package manager would populate the list and, it did! And it still works after doing the update! YAY!!!! So again, thank you!
  • B

    Avahi service stops / won't start when enabling reflection

    5
    0 Votes
    5 Posts
    469 Views
    dennypageD
    @beechclose FWIW, it turns out the limit isn't number of reflectors, but just the line length. There is a hard coded line length limit of 256 characters for the ini file. It is a known issue. I put up a PR to increase this to 1024.
  • JonathanLeeJ

    Squid migration from 5.8 to 6.6 issues

    3
    0 Votes
    3 Posts
    562 Views
    JonathanLeeJ
    It is working like a dream outside of the status pages it is 100x faster with browser traffic on my secure system that I hunt for bugs with.
  • W

    Nrpe

    1
    0 Votes
    1 Posts
    209 Views
    No one has replied
  • T

    SNORT no longer scanning Stopped 6/28/24 at 21 hour

    1
    0 Votes
    1 Posts
    123 Views
    No one has replied
  • B

    Ping monitoring

    17
    1
    0 Votes
    17 Posts
    2k Views
    dennypageD
    @bigjohns97 said in Ping monitoring: Help me understand what the risks are here, to me this is nothing more than what an nmap scan would do. Ntopng is an autonomous agent, whereas nmap is not. Consider that. You should look at the ntopng code and decide for your self. The best I can tell you is that I have, and I recommend against enabling it. FWIW, you may have different views on network security that I do.
  • F

    Avahi : Windows not found my printer

    8
    0 Votes
    8 Posts
    915 Views
    johnpozJ
    @fjmp24 said in Avahi : Windows not found my printer: a rule IPv4 UDP VLAN_1 subnets * 224.0.0.251 5353 * a rule IPv4 TCP/UDP VLAN_2 subnets * Printer * * a rule IPv4 UDP VLAN_2 subnets * 224.0.0.251 5353 * Posting rules like doesn't help much to be honest.. Have no clue to what could be above that making those moot.. Are those on the same interface even? You have 2 rules with vlan2 subnets as source, and another rule with vlan1 as source.. How would both networks be source into the same interface? Seems you got it sorted so that is good, but next time you need help a picture of your rules showing the interface they are on, etc. is worth 10k words..
  • A

    Slave zone in BIND (9.17)

    6
    0 Votes
    6 Posts
    605 Views
    A
    Hello @LarryFahnoe Thank you. I know it. But sometimes I need to use a server without internet. (master is not available)
  • T

    System Patches Package Programatical Apply

    4
    0 Votes
    4 Posts
    971 Views
    J
    @tkriviradev Did you have any success making a curl command?
  • P

    awscli in pfSense

    3
    1 Votes
    3 Posts
    2k Views
    P
    @kaioh84 Hey guys, Some time ago, I encountered the same issue. To resolve it, I installed "awscli" using Python version 3.11. To fix this, you need to install the package with the following command: pkg install py311-setuptools-63.1.0_1 After that, apply the "rehash" command. Follow these steps: rehash Then, execute the following command to install awscli: python3.11 -m pip install awscli That's it! Now, it should be configured as you desire. In my case, I configured it for the s3 bucket. These steps were executed on Pfsense 2.7.2 running version 14 of FreeBSD.
  • A

    Can I join active directory users with Freeradius?

    1
    0 Votes
    1 Posts
    135 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.