Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    We installed haproxy on a Netgate 8200 device, 25.07.1-RELEASE (amd64), installed acme certificates and got a certificate from letsencrypt, everything OK. Checked SSL offload in the frontend and selected the acme generated certificate under SSL Offloading. Result after Apply Changes:
    Errors found while starting haproxy
    [NOTICE] (72045) : haproxy version is 2.9.14-7c591d5
    [NOTICE] (72045) : path to executable is /usr/local/sbin/haproxy
    [ALERT] (72045) : config : Couldn't open the ca-file '/var/etc/haproxy_test/clientca_WAN_117.pem' (No such file or directory).
    [ALERT] (72045) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:15] : 'bind x.x.x.x:443' in section 'frontend' : 'ca-file' : unable to load /var/etc/haproxy_test/clientca_WAN_117.pem
    [ALERT] (72045) : config : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg
    [ALERT] (72045) : config : Fatal errors found in configuration.
    Also package _devel has the same issue. On other boxes where haproxy was configured on 24.11 and upgraded to 25.07.1 it's working. BUG?? So what can we do now? We need this function. Thank you all in advance.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    @Greyhat I think it's useful to work with what we've got and figure something out for the (I hope) edge cases later. So for the JSON I figured you can actually use an existing suricata integration by co-opting their pipelines.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypage
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmatt
    @netboy Well then it would seem that you've successfully resolved your root issue. Nice work.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    johnpoz
    @netboy do you have this docker available - this is actually pretty slick. I didn't think about monitoring the one connected to my nas.. It monitors it for shutdown of the nas, but it'd be nice to see such info off of it. I have one behind my tv I monitor with pi I have connected, that is my ntp server as well. I keep meaning to put another pi I have for the one in my av cab to monitor that one - just haven't gotten around to it. I have 4 total in the house of the cyberpower ones.. Be nice to throw them all into 1 place to monitor.. One I monitor on my pc, with misc network gear plugged into that, one my nas monitors for its own use, pretty sure the pfsense is on that ups along with my APs I think - but didn't think of turning on its server function and point pfsense to it. You have inspired me to do a better job of monitoring mine.. Mine are all cyber power 1500s, would have to double check models but I know at least 2 of them are the cCP1500PFCLCD. I think your docker would be perfect for my use as well.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    This one has been tricky still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    92 Topics
    638 Posts
    @Vad-B Interesting indeed! I just tried to fill the Pre-authentication Key with file:/dev/null. I get a crash in pfsense after some time, but when I login again is saved. For me this for after service restarts at least this solves it, including the issue with the routes not being advertised even set in the WebUI. Haven't done a full restart of pfsense (yet)
  • Discussions about WireGuard

    712 Topics
    4k Posts
    I feel like I’ve followed every guide there was. I was able to get nordvpn via wireguard on my pfsense but for the life of me I can’t get my own wireguard server working. I can’t even get a handshake. I have all the firewall rules mentioned, the gateway, interfaces. Etc. I got no clue what to do at this point. Can anyone please help? I’ll provide any information required I just don’t even know where to start I’ve tried every YouTube video possible and guide it’s strange. I was able to get nordvpn working but I can’t get my own.
  • Freeradius TLS 1.0 and 1.1 not activated anymore

    1
    0 Votes
    1 Posts
    375 Views
    No one has replied
  • Package missing list 23.09.1

    6
    0 Votes
    6 Posts
    664 Views
    @ahking19 I chose the free version of OPNsense. I had already tested pfsense CE in the past. I had to switch to pfsense+ because the CE version was not compatible with my equipment. I didn't want to waste time on that. And in principle, I do not accept the fact that Pfsense+ became chargeable for home use, even though it was announced to be free. the price is excessively expensive…
  • Snort blocking VPN traffic

    2
    1
    0 Votes
    2 Posts
    450 Views
    bmeeks
    Why don't you just disable that rule instead? It is an ET Policy rule. Those are usually used just for notification or to enforce some corporate policy. You've discovered that it is falsely triggering in your network due to the VPN traffic (a false positive), so just disable it. Click the red X under the GID:SID column in the ALERTS tab.
  • Errors installing HAProxy and not showing up on services tab

    5
    0 Votes
    5 Posts
    512 Views
    Good idea, I still have the equipment that I migrated from, so I will go back to that one and pull the config and see if I can find the differences in the config, thank you
  • New Router. Backup Restored. No Snort Alerts now

    snort alerts not working
    3
    0 Votes
    3 Posts
    865 Views
    @bmeeks : Ok. So I disabled and unassigned the WAN Snort interface. Then copied it back to the newly unused WAN interface, enabled and started it and...... IT WORKED!!! I'm getting Alerts and it's generating blocks as before the upgrade! Same name as before, but apparently an internal interface mapping in Snort was still looking for the old WAN interface id. Thanks!!!
  • Question about cron package

    4
    0 Votes
    4 Posts
    1k Views
    @hspindel said in Question about cron package: @Gertjan Thank you for the reply. pfSense is already setup to send notifications. So what do I do have the simple command "vmstat -m" run from cron and send an email? Never mind. Figured it out. Thank you.
  • Avahi not reflecting some broadcast

    9
    2
    0 Votes
    9 Posts
    2k Views
    @dennypage i think that because of the package that can be seen by pfsense and openwrt_b and esphome_dashbord in vlan_iot and openwrt_b can reflect/re-create the package to vlan_server well, there is no problem with the openvpn or firewall rules. for now i think i will just use avahi in my openwrt_b.
  • Will we ever get ZeroTier?

    1
    0 Votes
    1 Posts
    249 Views
    No one has replied
  • update Snort 4.1.6_15

    2
    0 Votes
    2 Posts
    340 Views
    bmeeks
    Release notes for IDS/IPS package upgrades are usually posted in the IDS/IPS subforum here on the Netgate Forums. Here is a link to the Release Notes post for Snort 4.1.6_15: https://forum.netgate.com/topic/186417/new-snort-package-v4-1-6_15-update-release-notes. Since my native (and unfortunately, only) language is English, I post the release notes for both Snort and Suricata in English in the IDS/IPS sub-forum located here: https://forum.netgate.com/category/53/ids-ips.
  • speedtest-cli ERROR: Unable to connect to servers to test latency.

    9
    0 Votes
    9 Posts
    14k Views
    Sergei_Shablovsky
    @mathais said in speedtest-cli ERROR: Unable to connect to servers to test latency.: @Gertjan Thank you, so you removed speedtest-cli ? I have openvpn configured on my pfsense and all my IPV4 traffic pass through the VPN . All traffic? Even video&music streaming? Why??? Do you know another tool for testing my internet speed ? Saying “internet speed” what EXACTLY You mean: uplink to ISP, between Your pfSense and certain server, between Your device(s) and certain server?
    1. Check all cables, connected speed on NIC, no collisions and errors on interfaces.
    2. SWITCH ON RACK/QUICK congestion control (CC) in FreeBSD.
    3. DISABLE OFFLOADING on NICs - nowadays this makes no sense.
    4. DISABLE POWER MANAGEMENT on motherboard (off CPU Threading, CPU power states, PCI & NICs power mgmt, etc…)
    5. only now test by Speedtest, Fast, Librespeed, iperf3 Your UPLINK (of course no any other net activity on pfSense would be).
    After that You have: maximum possible on certain moment from Your hardware & FreeBSD drivers; measurements from nearest and far servers (not very accurate because workload time of the day and loading of certain server); Better to automate this by Smokeping (on the pfSense device itself) OR Prometheus+Grafana on separate server (but agent on pfSense). With alerting on Pushover by API or email.
  • Openvpn wrapped by stunnel

    11
    1 Votes
    11 Posts
    6k Views
    @akha666 Hello, please, how were you able to configure the stunnel to work with your OVPN? I keep trying to do the configuration on my pfsense but it doesn't work
  • speedtest specific interface?

    2
    0 Votes
    2 Posts
    471 Views
    juanzelli
    @Lockie Run speedtest-cli -h to see the syntax. It seems you could run speedtest-cli --source <VPN IP> to test.
  • Zabbix Agent 6 - problem [Interrupted system call]

    1
    0 Votes
    1 Posts
    315 Views
    No one has replied
  • Package Available Error

    8
    0 Votes
    8 Posts
    1k Views
    @wija86 I did not find any solution on it so I did reinstall my PFsense and now it's working. I was stuck between 2.7.0 and 2.7.2, it did say I had the newest update but my GUI did say 2.7.0, now after the reinstall my GUI says 2.7.2 and my packages are working again.
  • Got error in package manager

    Locked
    6
    0 Votes
    6 Posts
    983 Views
    @SteveITS said in Got error in package manager: https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors Hi Steve, I already tried all the steps in that particular link, but no luck. When I check in system --> update --> system update there is a warning message " pfSense-repoc : failed to fetch the repo data
  • Haproxy block user-agent

    3
    0 Votes
    3 Posts
    2k Views
    Sergei_Shablovsky
    @rlljorge said in Haproxy block user-agent: Hello there, I would like to block some user agents in haproxy like: Baiduspider, Sosospider, Sogou, ZumBot, Yandex. I found some examples in haproxy community but Didn't make work in pfsense/haproxy, example:
    acl blockedagent hdr_sub(user-agent) -i -f /etc/haproxy/blacklist.agent
    http-request deny if blockedagent
    And how You resolve it ?
  • FreeRADIUS sync interfaces

    4
    0 Votes
    4 Posts
    2k Views
    keyser
    @Trey said in FreeRADIUS sync interfaces: Hi all, the new sync method is synchronising everything from freeradius. This destroyed our freeradius setup in multiple branches, as it overwrote all interfaces and all eap certificates in every sync host. We have about 7 branches with the freeradius daemon running and used the sync to sync only users and NAS/clients. Was this change really intended? For me this is more a bug than a feature… Could someone clarify this? Thanks for your help If you used a common CA and Radius certificate (same thumbprint) across the different pfSense boxes, and created only a 127.0.0.1 interface in Radius, would it then not work again? You would obviously need to create a NAT rule for ports 1812/1813 on the interfaces where Radius should be present (pointing to 127.0.0.1)
  • Using HAProxy to redirect, but not to load balance

    3
    0 Votes
    3 Posts
    511 Views
    TangoOversway
    @viragomann @viragomann said in Using HAProxy to redirect, but not to load balance: But do the printers check the host name at all, or do they only simply listen on IP and port? The printers are connected to the Pi with a USB cable. They don't deal with IP at all. What does deal with anything like that is the slicer when I use it to upload to OctoPrint to print, but that's something I expected to have to deal with. Sounds like the configuration is pretty much the same as what I had to do on the Pi I was using for printing and shouldn't be too hard. Thanks - and thank you for not going into why to just use the names I give each host instead!
  • OpenVPN Client Export - feature wishlist

    1
    2 Votes
    1 Posts
    250 Views
    No one has replied
  • 0 Votes
    3 Posts
    679 Views
    Hi @Gertjan Thank you sharing your configuration and suggestions. I'll review my config and carry out more testing with debugging on this weekend. Can I ask, are you authenticating users or devices using username and password in the 'Users' tab, and/or devices with MAC address in the MAC's tab ? Thanks, Stuart
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.