1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    A
    Docker image for squid 7.3 and above https://hub.docker.com/r/fredbcode/squid If pfsense does not push the update.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @vicking said in No blocks on IP: Is it a bad idea to have the action set to deny both instead of inbound only? Question is squarely for admin. Per the infoblock which explains, in part, the "Deny Inbound", "Deny Outbound", and "Deny Both" actions: 'Deny' Rules: 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are: Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction. One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction. In other words: When set to "Deny Inbound", incoming connection requests from WAN hosts are blocked and therefore no state will be created. However a LAN host can still establish state to an otherwise listed IP. If set to "Deny Outbound", outgoing connection requests from LAN hosts are blocked and therefore no state will be created. However an incoming connection request from an otherwise listed IP to an 'open' WAN port can still establish state. If set to "Deny Both", both incoming connection requests and outbound connections requests are blocked and therefore no state will be created regardless of connection direction.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    654 Posts
    C
    @luckman212, Thanks for your suggestion. I will check what I have in /usr/local/pkg/tailscale/state, and also the RAM disk settings others have brought up. I could learn more about where Tailscale and pfSense store system files. If I find anything worth sharing, I will let you know.

  • Discussions about WireGuard

    715 Topics
    4k Posts
    patient0P
    @andresbraga if you still have the firewall rules as you posted, then I don't know why from the laptop you can't ping the pfSense Wireguard address 10.10.6.1 nor the pfSense gateway 10.10.1.1 What is the routing table of the laptop. And I would run a packet capture on pfSense and check what you see if you run the ping to 10.10.1.1 or 10.10.6.1.
Log in to post
Load new posts
  • O

    Configure NUT to only monitor and do nothing?

    2
    0 Votes
    2 Posts
    664 Views
    dennypageD
    You cannot configure NUT such that it will not attempt to perform a shutdown. You could configure a shutdown command that doesn't do anything by adding the following line in the "Additional configuration lines for upsmon.conf" section: SHUTDOWNCMD /bin/echo Note however that NUT will still do everything but shutting down the system, including shutting down any slaves. I'm also unclear on how NUT will behave following the attempted shutdown. You may have to restart the service. In general however, I would not recommend the approach of trying to split the UPS between apcupsd and NUT. If you want NUT's monitoring, use NUT for the shutdown.
  • G

    FreeRADIUS 3.x package NTLM problem

    13
    0 Votes
    13 Posts
    4k Views
    A
    @Zizi: Hi, today I've set up freeradius3 for WPA-EAP, an it is working, but only with "clear text passwords". If I change it to "MD5 Password", I get error "mschap: FAILED: No NT/LM-Password. Cannot perform authentication" Is there any way to use non clear text password storage with working WPA-EAP? Same here.
  • M

    Email notifications fail - Service Watchdog

    6
    0 Votes
    6 Posts
    2k Views
    GertjanG
    @Mateh: Indeed. pfSense 2.4.3 running Service_Watchdogs 1.8.4. Settings from Notifications: E-Mail server: smtp.mailgun.org SMTP Port of e-Mail server: 465 Secure SMTP Connection: [tick] From e-mail address: my@email.com Notification E-mail address: my@email.com Notification E-Mail auth username: my@login.email Notification E-Mail auth password: mypass Notification E-Mail auth mechanism: PLAIN Looks fine to me. I have exactly the same thing, with one difference : I'm not using some mail supplier, but my own mail server on a delicate server on the Internet (so I have full control on both sides). You are using the right port (465 - which uses TLS from start) and you are identifying yourself correctly. If this goes wrong ones in a while, answers should by found by the one running "smtp.mailgun.com".
  • F

    Problem with freeradius

    2
    0 Votes
    2 Posts
    607 Views
    GertjanG
    Your last image : as per https://doc.pfsense.org/index.php/Using_Captive_Portal_with_FreeRADIUS - Section : Amount of Traffic the option "re-authenticate users every minute" should be set so the user gets disconnected. Otherwise your limit of "1200" (Mbytes) will not work … What I did to check / debug all this : I read this : https://doc.pfsense.org/index.php/Testing_FreeRADIUS This : https://doc.pfsense.org/index.php/Additional_Logging_for_FreeRADIUS (written for 2.x but useful). Also : when your setup is ok, goto    Status => Services STOP the radius daemon. Acces the console. Take option 8 - SSH access. Type``` radiusd -h Read … Find the option -X Use it ! Start radfius by hand using **radiusd -X** (or **radiusd -X -xx**) Now you have all the info - there should be no red lines. Keep this console window open. Now login with a user on the captive portal. The entire login info will be laid out, and it's easy to find what went wrong. Questions about what being shown , Normal. Radius is not some small program, it's huge, took me days of just reading this one https://fr.wikipedia.org/wiki/FreeRADIUS and many others. With manuals, Radius (FreeRadius) is useless. > I added a cronjobe << 0 0 * * * root / bin / rm / var / log / radacct / datacounter / day / used-bytes - * >> This won't work  :) For example, "day" doesn't exist. See image for my cron entries, I used the the cron package of course. ![cron.PNG_thumb](/public/_imported_attachments_/1/cron.PNG_thumb) ![cron.PNG](/public/_imported_attachments_/1/cron.PNG)
  • M

    WPAD error

    1
    0 Votes
    1 Posts
    535 Views
    No one has replied
  • D

    Telegraf / Influxdb

    2
    0 Votes
    2 Posts
    1k Views
    C
    Duplicate of https://forum.pfsense.org/index.php?topic=145991.msg796861#msg796861 and it's an upstream issue: https://redmine.pfsense.org/issues/8425#change-36362
  • A

    No Samba package on Pfsense?

    18
    0 Votes
    18 Posts
    3k Views
    ScottyDMS
    Forget pfSense and use FreeNAS instead. It too is built on FreeBSD. However FreeNAS needs RAM–8 GB minimum.
  • A

    Clamd problem

    1
    0 Votes
    1 Posts
    325 Views
    No one has replied
  • J

    Blocked Domain Reporting with Ntop

    1
    0 Votes
    1 Posts
    526 Views
    No one has replied
  • K

    FreeRadius3 EAP-TLS error

    4
    0 Votes
    4 Posts
    2k Views
    P
    this works, but revocation will not work. so if you revoke a cert, the authentication will still pass.  If you want to be able to revoke certs, and have free radius honor that, then follow what worked for me: I have found the workaround solutions posted in the forums, for free radius and a functioning CRL, do not quite work. The workarounds listed: https://sites.google.com/site/techbobbins/home/articles/freeradius-and-crls semi work.  The problem is, the manual changes are wiped away easily.  i.e. a change in the radius config (i.e. a user attribute), will cause the radius.conf and the cert files to be overwritten.  A little background on my system: -Free radius v3 -pfsense v2.42 p1 Now, i think i may have found a workaround, that is "sticky".  It follows the same method as listed in this thread (https://sites.google.com/site/techbobbins/home/articles/freeradius-and-crls), but instead of appending the CA/CRL in the same file via the CAT command, append the CRL via the pfsense GUI to the CA cert body.  This way, every time you reload freeradius, it reads form the PFSENSE Cert files, and now everything works. Also, i found if you configure sub CA's, free radius has issues with that.  So, a work around for that, is to: -create your root CA -create sub CA -create crl for sub ca -then, "import" a CA.  the cert body will be the root->sub->crl -create free radius server cert -in free radius, use the "import" CA, and the free radius server cert ..i found if you dont do this, free radius will error with error 19, self signed in the chain.  Understand the reason to use sub certs is for security, as i understand root CA's are designed to create sub CA's, not user or server certs.  This way, if sub CA is copromised, you dont have to recreate cert chain, just that particular sub ca. I dont claim to be a PKI expert, but the above worked for me. –-note, for revocation to work, you will have to re-paste the CRL info back into the "import" cert, and restart radius.  note, that restarting radius via the GUI, i.e services click the restart gear, does not work.  I found i needed to make a change to free radius, i.e change a setting in the eap config, save it, then set it back, svae it.  this seems to trigger a true radius restart. hope this helps
  • J

    CollectD goes off

    1
    0 Votes
    1 Posts
    574 Views
    No one has replied
  • R

    Manually loading packages

    2
    0 Votes
    2 Posts
    528 Views
    GertjanG
    @robert.herrmann: I am a noob using pfSense and freebsd, so please be gentle. pfSense is using FreeBSD is it's base OS. But differences exists : one of them is the package handling. @robert.herrmann: I have a pfSense installation running version 2.4.1.  This system does not have access to the internet.  :( Wait … Your posting on a public forum, right ? Bring your system along the next time - update - upgrade - done. @robert.herrmann: I would like to install freeradius but am struggling.  I have managed to download the .pbi (freeradius-2.2.5_3-i386.pbi) and get it copied into pfSense machine into the /tmp directory.  But I cannot seem to find a way to install this. This situation was mentioned some time ago. I guess it was completely abandoned. I guess you have to connect  it at least ones …. edit : wait ! I guess it possible - it probably a manual job, not or very badly documented. Get out of the noob phase and you'll be fine. I asked the world for advise ( pfsense install package without internet connection ) - it came back with https://forum.pfsense.org/index.php?topic=130966.0
  • J

    Pls develop this pkg for VPN proxy detection

    3
    0 Votes
    3 Posts
    771 Views
    J
    Thank you! I will take a look
  • Z

    FreeRadius 3 and OTP

    5
    0 Votes
    5 Posts
    3k Views
    S
    Hi there, I just registered to comment that I got OTP to work with PAP protocol only. Set it up in System > User Manager > Authentication Servers > your FreeRADIUS auth server > Server Settings > Protocol: PAP. Note that MS-CHAPv2 is the default option. I hope this helps someone!
  • SammyWooS

    SOLUTION: apcupsd to Minisys (ProtectLI) and APC Smart Serial Interface

    1
    0 Votes
    1 Posts
    870 Views
    No one has replied
  • S

    Stunnel enhancement.

    1
    0 Votes
    1 Posts
    582 Views
    No one has replied
  • B

    Block internet access for kids, but allow FaceTime (on port 80)

    11
    0 Votes
    11 Posts
    2k Views
    NogBadTheBadN
    Seems to work protocol any. I'd do the schedule like my second attachment, where 172.16.3.100 is the iDevice IP or an alias that contains multiple IP addresses. [image: Untitled.jpg] [image: Untitled.jpg_thumb] [image: Untitled.jpg_thumb] [image: Untitled.jpg]
  • B

    Mail Relay versus port forwarding

    4
    0 Votes
    4 Posts
    1k Views
    B
    @biggsy: I agree with pete35.  I used to run the postfix package on the firewall but there are some good reasons not to do that. What are the good reasons out of interest ? BA
  • D

    FreeRadius 3.x pfSense authentication with MD5-Password

    1
    0 Votes
    1 Posts
    597 Views
    No one has replied
  • K

    Stunnel removed with 2.3 ?

    Locked
    14
    0 Votes
    14 Posts
    9k Views
    valnarV
    Hey guys.  Sorry to revive a thread but I figured the important people are all here. I was wondering if someone could help with the stunnel package?  Here's the problem we're having in the latest version. https://forum.pfsense.org/index.php?topic=142463 It doesn't seem to be running on a reboot, so it's probably just missing an entry somewhere to start it?  I assume it would be easy for a Linux/BSD guy to fix, but alas that's not me. Thank you!
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.