1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ

    @tinfoilmatt Here you go

    https://forum.netgate.com/topic/195860/mnt-folder-question

    To quote: @stephenw10

    "Jan 6, 2025 at 5:43 AM I would still use a custom location to be sure. I can't find anything off hand but if would conflict with anything that did.

    I'm pretty sure the efi partition is mounted there to test at upgrade for example."

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    C

    @bmeeks That would explain it. Thank you.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    569 Topics
    3k Posts
    dennypageD

    @StealthNet said in Outgoing Portscans - ntopng?:

    Tbh I never thought a default package would do some kind of outbound network discovery based on class C scanning of internet hosts.

    I don´t think this is ok.

    I agree. I was rather shocked when I discovered this while diagnosing the same issue with another pfSense user who happens to be a close friend of min. He had also enabled it because ntopng's description made it sound like a good thing.

    Anyway, I appreciate your, and others, input on this. I believe I will add a set of warning to the next version of the package, to at least have put forth the information/warning.

    Thank you.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    dennypageD

    @Unoptanio said in I don't receive emails ONLY on Apple devices:

    Mail cannot function in IOS 18.2 if iCloud Private Relay is blocked at a network level

    https://discussions.apple.com/thread/255916395?sortBy=rank

    This reference is/was out of date. The linked discussion referrers to a specific bug introduced iOS 18.2 (December 11, 2024), which was corrected in iOS 18.3 (January 27, 2025). Apple stopped signing of 18.2.X a week later, almost 2 months before this thread began.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    94 Topics
    2k Posts
    V

    @Vancejo1 said in apcupsd causes restart:

    When I stop the apcupsd service and run apctest then select 10 battery calibration. It cause my router to reboot after reporting the calibration was aborted.

    Is it really rebooting? Or does the UPS cut the power?
    Check the logs to get sure.
    I've seen the latter already, but with old batteries, however.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    491 Topics
    3k Posts
    jimpJ

    Let's Encrypt is removing the TLS Client Authentication EKU from certificates they sign in the near future:

    https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/

    This shouldn't affect many, if any, users of ACME on pfSense as it isn't used as a client certificate, only as a server certificate in various context (e.g. GUI, Captive Portal, HAProxy)

    In the past we have discouraged using Let's Encrypt certificates in certain contexts (like for clients) since it wasn't typically a secure practice. For example, if you use a Let's Encrypt certificate for OpenVPN, it would trust any certificate signed by Let's Encrypt, which makes it useless as an authentication factor.

    So while this is something to be aware of and check, it's unlikely to be a problem for most people.

  • Discussions about the FRR Dynamic Routing package on pfSense

    290 Topics
    1k Posts
    F

    Hi Team,

    This is driving me crazy!

    I typically set up FRR manually under PFS, but would like to move to GUI to make life easier for 'new folks'.

    Here's a snippet of my config:

    router ospf
    ospf router-id id.id.id.id
    area 0.0.0.0 shortcut default
    redistribute kernel
    !
    ip prefix-list XXX seq 1 deny 10.0.0.0/16 le 32
    ip prefix-list XXX seq 2 permit any

    route-map XXX permit 10
    match ip address prefix-list XXX
    !
    ip protocol ospf route-map XXX

    I cannot for the life of me figure out how to get the last line into the config via the GUI.

    I've read that setting ABR filters in FFR-OSPF->Areas might be the answer, but that doesn't seem to be it.

    Could someone please explain what I'm missing here?

    Thanks

    ChIP

  • Discussions about the Tailscale package

    85 Topics
    546 Posts
    M

    @jacobhall @Defiling2063
    I think it has something to do with DNS over HTTPS DoH.

    I have all the same issues. For me it worked after setup until i rebooted.

    It seems that the clients are pushed a faulty dns config and thinks it can do dns over https:

    sudo tailscale dns status

    Resolvers (in preference order):

    1.1.1.1 9.9.9.9

    I can use dig to check that the dns resolves using these servers just fine.

    When the system uses tailscales dns servers, the issue arises:

    % tailscale dns query apple.com DNS query for "apple.com" (A) using internal resolver: failed to query DNS: 500 Internal Server Error: resolving using "/dns-query": unrecognized resolver type "/dns-query" unrecognized resolver type "/dns-query"

    My guess is that headscale is pushing a faulty dns config?

  • Discussions about WireGuard

    679 Topics
    4k Posts
    D

    @Bob-Dig yeah lol, but I'm pretty sure I've followed everything to the letter as the other services are working or it's something small I'm overlooking....

Log in to post
Load new posts
  • jimpJ

    System Patches Package v2.2.10_1

    3
    8 Votes
    3 Posts
    2k Views
    jimpJ

    They can't be in the release notes immediately along with the release since the issues are marked private until after the release is out, but they'll be added shortly.

  • A

    Netmap root directory

    Moved
    1
    0 Votes
    1 Posts
    111 Views
    No one has replied
  • I

    Rebooting pfsense on wan gateway failure

    2
    0 Votes
    2 Posts
    726 Views
    styxlS

    @ipfftw Try this

    link text

  • P

    FreeRADIUS

    2
    0 Votes
    2 Posts
    249 Views
    P

    The screenshot I posted above got removed somehow so I'm posting in text

    sshguard 14637 Blocking "192.168.4.103/32" for 480 secs (1 attacks in 0 secs, after 3 abuses over 693 secs.)
  • T

    Freeradius TLS 1.0 and 1.1 not activated anymore

    1
    0 Votes
    1 Posts
    274 Views
    No one has replied
  • M

    Package missing list 23.09.1

    6
    0 Votes
    6 Posts
    401 Views
    M

    @ahking19 I chose the free version of OPNsense. I had already tested pfsense CE in the past. I had to switch to pfsense+ because the CE version was not compatible with my equipment.

    I didn't want to waste time on that. And in principle, I do not accept the fact that Pfsense+ became chargeable for home use, even though it was announced to be free. the price is excessively expensive…

  • X

    Snort blocking VPN traffic

    2
    0 Votes
    2 Posts
    297 Views
    bmeeksB

    Why don't you just disable that rule instead? It is an ET Policy rule. Those are usually used just for notification or to enforce some corporate policy. You've discovered that it is falsely triggering in your network due to the VPN traffic (a false positive), so just disable it. Click the red X under the GID:SID column in the ALERTS tab.

  • F

    Errors installing HAProxy and not showing up on services tab

    5
    0 Votes
    5 Posts
    320 Views
    F

    Good idea, I still have the equipment that I migrated from, so I will go back to that one and pull the config and see if I can find the differences in the config, thank you

  • L

    New Router. Backup Restored. No Snort Alerts now

    3
    0 Votes
    3 Posts
    442 Views
    L

    @bmeeks :
    Ok. So I disabled and unassigned the WAN Sort interface. Then copied it back to the newly unused WAN interface, enabled and started it and...... IT WORKED!!! I'm getting Alerts and its generating blocks as before the upgrade!

    Same name as before, but apparently an internal interface mapping in Snort was still looking for the old WAN interface id.

    Thanks!!!

  • H

    Question about cron package

    4
    0 Votes
    4 Posts
    840 Views
    H

    @hspindel said in Question about cron package:

    @Gertjan Thank you for the reply.

    pfSense is already setup to send notifications.

    So what do I do have the simple command "vmstat -m" run from cron and send an email?

    Never mind. Figured it out. Thank you.

  • M

    Avahi not reflecting some broadcast

    9
    0 Votes
    9 Posts
    1k Views
    M

    @dennypage i think that because of the package that can be seen by pfsense and openwrt_b and esphome_dashbord in vlan_iot and openwrt_b can reflect/re-create the package to vlan_server well, there is no problem with the openvpn or firewall rules.

    for now i think i will just use avahi in my openwrt_b.

  • opticalcO

    Will we ever get ZeroTier?

    1
    0 Votes
    1 Posts
    198 Views
    No one has replied
  • V

    update Snort 4.1.6_15

    2
    0 Votes
    2 Posts
    211 Views
    bmeeksB

    Release notes for IDS/IPS package upgrades are usually posted in the IDS/IPS subforum here on the Netgate Forums. Here is a link to the Release Notes post for Snort 4.1.6_15: https://forum.netgate.com/topic/186417/new-snort-package-v4-1-6_15-update-release-notes.

    Since my native (and unfortunately, only) language is English, I post the release notes for both Snort and Suricata in English in the IDS/IPS sub-forum located here: https://forum.netgate.com/category/53/ids-ips.

  • M

    speedtest-cli ERROR: Unable to connect to servers to test latency.

    9
    0 Votes
    9 Posts
    11k Views
    Sergei_ShablovskyS

    @mathais said in speedtest-cli ERROR: Unable to connect to servers to test latency.:

    @Gertjan Thank you, so you removed speedtest-cli ?
    I have openvpn configured on my pfsense and all my IPV4 traffic pass through the VPN .

    All traffic? Even video&music streaming? Why???

    Do you know another tool for testing my internet speed ?

    Saying “internet speed” what EXACTLY You mean: uplink to ISP, between Your pfSense and certain server, between Your device(s) and certain server?

    Check all cables, connected speed on NIC, no collisions and errors on interfaces.
    2.
    SWITCH ON RACK/QUICK congestion control (CC) in FreeBSD.
    3.
    DISABLE OFFLOADING on NICs - nowadays this have no sens.
    4.
    DISABLE POWER MANAGEMENT on motherboard (off CPU Threading, CPU power states, PCI & NICs power mgmt, etc…)
    5.
    only now test by

    Speedtest Fast Librespeed iperf3

    Your UPLINK (of course no any other net activity on pfSense would be).

    After that You have:

    maximum possible on certain moment from Your hardware & FreeBSD drivers; measurements from nearest and far servers (not very accurate because workload time of the day and loading of certain server);

    Better to automate this by Smokeping (on the pfSense device itself) OR Prometheus+Grafana on separate server (but agent on pfSense).
    With alerting on Pushover by API or email.

  • L

    New widget for the official speedtest.net cli version.

    2
    4 Votes
    2 Posts
    743 Views
    Sergei_ShablovskyS

    Just confirm that works on pfSense CE 2.7.2-RELEASE

    Just following installation instruction on GitHub.

    D7EE21DF-49C6-4CFC-A323-2F2F797C2F1A.jpeg
    (screenshot from one of our systems)

    [UPDATE]
    Let’s note Speedtest are ONE-STREAM app, so if someone need to test multi-WAN egress connection bandwidth, better to use iperf3 (now in v3.1)

    Thank You so much!

    P.S.
    Could You be so please to make Settings “Start on Dashboard loading” checkbox to REDUCE DASHBOARD WHOLE LOADING time: especially when a lot of other widget exist, like checking updates, fw/IDS/IPS logs, RSS, BSD system parameters, etc…

  • Z

    Openvpn wrapped by stunnel

    11
    1 Votes
    11 Posts
    5k Views
    V

    @akha666 Hello please how were you able to configure the stunnel to work with your OVPN. I keep trying to do the configuration on my pfsense but it doesnt work

  • L

    speedtest specific interface?

    2
    0 Votes
    2 Posts
    331 Views
    juanzelliJ

    @Lockie Run speedtest-cli -h to see the syntax. It seems you could run speedtest-cli --source <VPN IP> to test.

  • R

    Zabbix Agent 6 - problem [Interrupted system call]

    1
    0 Votes
    1 Posts
    232 Views
    No one has replied
  • A

    Package Available Error

    8
    0 Votes
    8 Posts
    1k Views
    T

    @wija86 i did not find any soulsion on it so i did reinstall my PFsense and now its working.
    I was stuck between 2.7.0 and 2.7.2 it did say i had the newest update but my GUI did say 2.7.0
    now after the reinstall my Gui says 2.7.2 and my packages are working again.

  • W

    Got error in package manager

    Locked
    6
    0 Votes
    6 Posts
    684 Views
    W

    @SteveITS said in Got error in package manager:

    https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors

    Hi Steve

    i already try all step in that particular link , but no luck. when i check in system --> update --> system update
    there is warning message " pfSense-repoc : failed to fetch the repo data

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.