How to: Fix pfSense Update stuck at Executing custom_php_install_command()…

The Issue

When updating a package (e.g. squidGuard) from the pfSense Web GUI, the update gets stuck at “Executing custom_php_install_command()…” for a very long time.

Note: This fix can also be used for other package installations with a similar issue; we just need to find the correct process name and use it in place of “squidGuard”.

The Fix

1 We need to log in to pfSense via SSH or physically via terminal in order to use the following command to terminate the update process

Note: Once logged on to pfSense via SSH or terminal (username: root, password: [usually your Web GUI password]), we need to enter 8, then hit the Enter key to use the shell

2 Execute the following command to kill all squidGuard-related processes (note that it will kill some squid processes as well, but that should not be a problem)

kill $(ps aux | grep '[s]quidGuard' | awk '{print $2}')

3 Warning: Make sure you have backed up your pfSense configuration before proceeding with the following steps

4 From the pfSense Web GUI menu, navigate to Package Manager – Installed Packages, find squidGuard and uninstall it. After the uninstallation has finished, install it again from Available Packages

5 squidGuard should now be installed successfully and running. If we had configured squidGuard in advance, it should have loaded the configuration already.


How to: Fix pfSense “vnstatd Status Traffic Totals data collection daemon” not Starting

The Issue

Can’t start “vnstatd Status Traffic Totals data collection daemon”

The Fix

1 From the menu bar, navigate to “Status – Traffic Totals”

2 Click on “Display Advanced”

3 Click on “Enable Graphing”

4 Now we can see that Traffic Totals has started running


ntopng error on pfSense – ntopng requires redis server to be up and running

The Error

ntopng        [Redis.cpp:113] ERROR: to specify a redis server other than the default
ntopng        [Redis.cpp:112] ERROR: Please start it and try again or use -r
ntopng        [Redis.cpp:111] ERROR: ntopng requires redis server to be up and running

The Fix

1 Log in to pfSense via SSH, console or web GUI

1.1 If using the web GUI, navigate to “Diagnostics -> Command Prompt” and type the following command

rm -rf /var/db/ntopng

2 Now try to start ntopng from Services Status widget

3 The ntopng service should now start successfully

[GUIDE] IKEv2/IPSec, Per user firewall rule settings with FreeRADIUS

1. Follow the “IKEv2 with EAP-MSCHAPv2” guide (https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2) from pfSense to create a working IKEv2/IPsec VPN server first.
2. Install Freeradius2 on pfSense.
3. Once tested and working, some changes need to be made so that the IKEv2/IPsec VPN uses RADIUS to authenticate clients instead of the local database. (Google a pfSense FreeRADIUS configuration guide.)


Assume IKEv2/IPsec is working with FreeRADIUS.

Configure per-user rules.
Create user1 and user2: user1 will have access to the internal LAN and the internet; user2 will have internet access only, not internal LAN access.
In a real-world case, user1 can be the pfSense owner/administrator and user2 can be friends to whom you want to give VPN access.

1. Create user1 and user2 in Services -> FreeRADIUS -> Users.
user1
Put Username: user1, Password: password, IP Address: 10.1.2.1, Subnet Mask: 255.255.255.0, Gateway: 0.0.0.0/0 192.168.0.1 1
0.0.0.0/0 “Gateway address here (address of the pfSense box, not the external gateway)” 1
Save

user2
Put Username: user2, Password: password, IP Address: 10.1.3.1, Subnet Mask: 255.255.255.0, Gateway: 0.0.0.0/0 192.168.0.1 1
0.0.0.0/0 “Gateway address here (address of the pfSense box, not the external gateway)” 1
Save

Now, when user1 logs in, virtual IP address 10.1.2.1 will be assigned. When user2 logs in, virtual IP address 10.1.3.1 will be assigned.

2. Give internet access to the two users: System -> Routing -> Static Routes
Add a separate static route for each of the VPN clients user1 and user2, so that both clients can have internet access through the pfSense box.

Static Route1
Destination network: 10.1.2.0/24
Gateway: WAN_PPPOE – xxx.xxx.xxx.xxx (Your pfsense gateway, the one that you used to get internet access)
Save

Static Route2
Destination network: 10.1.3.0/24
Gateway: WAN_PPPOE – xxx.xxx.xxx.xxx (Your pfsense gateway, the one that you used to get internet access)
Save

3. Create firewall rules: Firewall -> IPsec
Create a DNS rule: Action: Pass, Interface: IPsec, Address Family: IPv4, Protocol: TCP/UDP, Source: Any, Destination: This firewall (self), Destination Port Range: From 53 to 53.
Save

Create a block rule so that user2 won’t be able to access our LAN: Action: Reject, Interface: IPsec, Address Family: IPv4, Protocol: Any, Source: Network 10.1.3.0/24, Destination: LAN net.
Save

Create a rule allowing other traffic (internet etc.): Action: Pass, Interface: IPsec, Address Family: IPv4, Protocol: Any, Source: Any, Destination: Any
Save


Now user1 will have full access (LAN and internet); user2 will have internet access only, with no LAN access.
To create more accounts for friends, repeat the steps from step 1 and assign them IP addresses from the range 10.1.3.2 to 10.1.3.254.
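
An added example (not part of the original guide) that models step 3's three rules with first-match, top-to-bottom evaluation, the way pfSense processes an interface's rule list, and checks that the per-user outcome depends on the reject rule sitting below the DNS rule and above the catch-all pass rule. The LAN subnet 192.168.0.0/24, the firewall address 192.168.0.1, the rule names and the test hosts are assumptions.

```python
import ipaddress

# Assumptions (not from the guide): LAN net is 192.168.0.0/24 and the firewall's
# LAN address is 192.168.0.1, the gateway value used in the FreeRADIUS entries.
LAN_NET = ipaddress.ip_network("192.168.0.0/24")
FIREWALL_ADDRS = {ipaddress.ip_address("192.168.0.1")}
ANY = ipaddress.ip_network("0.0.0.0/0")
USER2_NET = ipaddress.ip_network("10.1.3.0/24")

# Step 3's three IPsec rules, top to bottom. Only source, destination and
# destination port are modelled; "self" stands for "This firewall (self)".
GUIDE_RULES = [
    {"name": "dns", "action": "pass", "src": ANY, "dst": "self", "port": 53},
    {"name": "block-user2-lan", "action": "reject", "src": USER2_NET, "dst": LAN_NET, "port": None},
    {"name": "allow-rest", "action": "pass", "src": ANY, "dst": ANY, "port": None},
]
# Hypothetical mistake: the catch-all pass rule dragged above the reject rule.
MISORDERED = [GUIDE_RULES[0], GUIDE_RULES[2], GUIDE_RULES[1]]


def evaluate(rules, src, dst, port):
    """Return (action, rule name) of the first rule that matches the packet."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule["dst"] == "self":
            dst_ok = dst_ip in FIREWALL_ADDRS
        else:
            dst_ok = dst_ip in rule["dst"]
        port_ok = rule["port"] is None or rule["port"] == port
        if src_ip in rule["src"] and dst_ok and port_ok:
            return rule["action"], rule["name"]
    return "block", "default-deny"  # nothing matched: pfSense blocks by default


def audit(rules):
    """Return the guide's intended per-user outcomes that a rule order breaks."""
    lan_host, inet_host = "192.168.0.50", "203.0.113.10"  # constructed targets
    cases = [  # (label, src, dst, port, expected action)
        ("user1 -> LAN", "10.1.2.1", lan_host, 445, "pass"),
        ("user2 -> LAN", "10.1.3.1", lan_host, 445, "reject"),
        ("user2 -> internet", "10.1.3.1", inet_host, 443, "pass"),
        ("user2 -> firewall DNS", "10.1.3.1", "192.168.0.1", 53, "pass"),
    ]
    return [label for label, s, d, p, want in cases if evaluate(rules, s, d, p)[0] != want]


if __name__ == "__main__":
    print("guide order violations:", audit(GUIDE_RULES))
    print("misordered violations:", audit(MISORDERED))
```
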

TPG NBN modem with pfSense

How to use pfSense with TPG NBN modem


Create a VLAN: Interface -> Assignments -> VLANs -> Add.

Parent Interface: Use your WAN interface (mine is igb0)

VLAN Tag: 2

VLAN Priority: 0 (Make sure it’s 0, or connection will fail)

Create a PPP, Interface -> Assignment -> PPPs -> Add.

Link Type: PPPoE

Link Interface: The VLAN you set up before.

Username: TPG Username

Password: TPG Password

Configure the WAN port.

Description: WAN

IPv4 Configuration Type: PPPoE

MTU: 1500

MSS: 1492

Username: TPG Username

Password: TPG Password

Now you can connect to the internet through pfSense -> NBN Modem/NBN HFC connection box (usually a small black box) -> HFC cable connected to the wall

[Originally it should be TPG supplied WiFi router -> NBN Modem/NBN HFC connection box (Usually a small black box) -> HFC cable connected to wall]