@jimp Done. Thanks for the help.

Bug #11512 "status_dhcp_leases.php and diag_arp.php fail to load if DNS doesn't respond"

@jimp ok, will do in a few minutes

Edit:
Created - https://redmine.pfsense.org/issues/11510

@jimp said in Command Prompt output in WebGUI 2.5.0:

"top" requires an interactive console to output data on a continual basis. It can't work through the GUI. Since there is no active terminal, it only returns the header info.

Thanks - on 2.4.5. I could at least see the "frozen" process tree. Its only cosmetic - if I have a real problem I go to the ssh console.

Thanks again for your time (in these days)
and regards,
fireodo

@bobbenheim Excellent, thanks. I didn't know about the bug tracker!

@gertjan Thanks, this does make sense.

So essentially the key is to treat WebGUI session like any other regular traffic and configure as needed using firewall rules.
Thanks for pointing me in the right direction.

@viktor_g I have a double-NAT setup, pfSense is the exposed host of another router. I have set up this first router to get a new IP-address every night and a cron job in pfSense to reboot pfSense after that. pfSense is running as a gen1-VM in Hyper-V with a passed through intel-NIC (I350 Series) for WAN and LAN and is the router for my whole network at home.

Those instructions are not even for pfSense. You have broken your installation to the point where the best action to resolve it is to reinstall and restore your configuration.

@elizabethpoole I do not know what the problem is, maybe we are doing something wrong, or it is a problem in the site itself. This makes me uncomfortable, because if I don't adjust the font to fit me, I won't be able to read anything. I would be immensely happy if the option to upload a custom font was provided. It would make my life a lot easier. On https://upfonts.com/iciel-gotham-medium-font/ I found a great font that doesn't make me uncomfortable and that I can use.

@lachlanw
So I assume, the router does NAT between the pfSense LAN and the computers subnet. Does it also natting / masquerading outbound traffic towards pfSense?

Are you able to access the internet from the computer?

@gertjan Thank you so much for your kind information. Much appreciated.

Good information you have shared. True, through VPN it is the best way & secure way to access.

Once again thank you so much.

Lokesh Kamath

@topperharly
I´ve found the issue during an deep dive into the config.xml
The SSL Certs are declared in the CertManager/ and ACME List,
but aren´t stored and aren´t part of the Config Backup. So, after recreating the missing three via ACME , i was able to select them in the GUI.

Strange Behavior... but now fixed.

sometimes it´s worth to look under the hood ;)

@crock2348 I just came up against this. You can still apply the changes at https://redmine.pfsense.org/projects/pfsense/repository/revisions/e2e4c0d5452f36a3e468e43a78f2cc5316e34174/diff manually to 2.4.5-p1 which should pass the scanner

@jmikulic said in Can't start web gui after reboot:

Any idea?

yeah, a couple of million.
Shall I list them all ? ;)
Be aware, you only details your problem with the word .... problem .... :(

Most of us have forgotten all possible issues and pitfalls of the very old 2.4.4.
2020 passed, made us focussing on other things, like good VPN access etc.
( but feel free to look at the 2018/2019 parts of the forum - you decided to use an old version, up to you to go to that dusty corner )
So, what about downloading this version ?
Maybe your problems persists, but al least there will be another one pfSense user that saw the same thing, and has a solution.
You'll see ^^

@teamits Hello Steve, yes I tried with Chrome, Safari, Edge and Firefox and was the same.
Then I tried from another computer without Dashlane password manager extensions and works fine, then the problem is the Dashlane extension.
Thanks for the support.
Enjoy

From the linked page, it's these instructions, right here:

To open the firewall GUI, create a firewall rule to allow remote firewall administration.

Note: Do not create a port forward or other NAT configuration.

Firewall > Rules, WAN Tab

Action: pass
Interface: WAN
Protocol: TCP
Source: The IP address or subnet of the client, or an alias containing management hosts/networks
Destination: WAN Address
Destination port range: HTTP, HTTPS (Or the custom port)
Description: Allow remote management

Jeff

Thank you sir, I will do more research.

Thanks @Gertjan, for sharing that. The file system appears to be dirty, but since my kids are on the network now I really cannot reboot into single mode.... On my to do list for the weekend.

BTW Today I experienced the same problem again (hence my returning to this post and reading Gertjan's comment). I rebooted the SG-1100 and restarted the webgui through console. None worked, the webgui remained unavailable.

When I tried to re-apply this trick I found that the webgui setting was already set to 'http'. So I set it to 'https' : after this the webgui finally started working again! It seems that flipping this setting from https to http and back is a trick to force webgui back in business. A bug?

@ronpfs You sir are a genius. That was the ticket. Never seen that before, and not sure how it was turned on. I don't recall ever checking that. But thank you again.

I'm thinking that since they were just hidden, they've probably been forgotten about (out of sight, out of mind)... but someone should probably clean them up at some point. Either that or they're settings that need to be set for the OpenVPN config file, but they shouldn't be changed from their defaults, so they just decided to hide them so they're still set, just can't be changed (on most browsers).

@falassion Use whatever domain you want.. I use local.lan, you could use something.tld

@jimp @Rico Interesting solution, didn't think about that.

@nirmelamoud said in netgate UI stop working, page does not return:

ethernet ports lights on for 10..30 sec than off for 10..30 sec

That sounds more like it's rebooting...? You can try opening a ticket at go.netgate.com.

@gertjan said in netgate UI stop working, page does not return:

Netgate device was sold with this cable

All the models we've bought recently do. I vaguely recall it being an option in the past? I may be misremembering that though. I always leave it in its plastic bag and write on the bag so no one throws it in the cable drawer and it is lost in the neverending sea of cables. :)

I am using a virtual pfSense box, so this is not an option. And yes - using client certificates is far more secure than using a username and password combination. That way, I also don't have to physically wired to the pfSense box, even if it wasn't virtual.

I'll look at submitting a feature request. Thanks!

@bmeeks Sorry. I am an idiot :( I expected graphs to be in bits, but they were in bytes. Actually they works just fine

@jimp said in "WebCfg - System: User Password Manager" and "User - Config: Deny Config Write":

What you h

No problem. Thanks.

Thanks @jimp - I thought that was the case. I’ve been testing OpenXPKI which has role definitions. A user can request a cert and download a CA, for instance, but only an admin can actually a cert and download keys. I was hoping I might be able to accomplish the same thing with pfSense and it’s ACLs. Oh well, I’ll stick with trying to get OpenXPKI to work.

(I still think pfSense’s cert manager could it be it’s own product - it’s so much better than anything else I’ve seen so far!)

Definitely not the only one. The language is poor. "Heading Labels" or "Option Heading Labels" would be a much clearer way to describe this option than "Left Column Labels."

Why?

(1) "Left Column Labels" implies there are "Right Column Labels" and maybe "Center Column Labels." One of multiple kinds of labels, in any case, for sure. Which in fact there are not. There is one kind of label, which happens to be typeset flush left. All the qualification "Left Column" does is mislead, creating the false idea of other kinds of labels from which these are distinguished. The reader wondering what labels are referred to will be looking for an object having a "left column" instance as well as other instances.

(2) Four options up on the "General Setup" screen is the option "Dashboard Columns" to select the number of visual layout columns for the dashboard web page. "Column" here is the commonly-known typesetting and visual layout term, used for both print and visual layout on web pages, in advertising, and so on. A two-column design, a one-column ad, columns gutters margins, etc. A reader who is carefully looking down the setup page will have this idea of what a column is when they get to "Left Column Labels" below. This time, however, "column" is a technical term referring to an HTML implementation of a visual Label or Heading. It's not a visual column, it's a programming strategy to implement a visual flush-left heading label (flush-left within a single layout "column"). Even readers very familiar with columns as a low-level typesetting implementation (e.g., HTML, LaTeX) can miss the fact that the meaning of "column" has changed.

@JeGr thanks for this intervention i didn't get everything about the technology you mentionned but i will try to find informations about it.
@Gertjan thanks again for your support through this topic it helped me a lot.

right

Maybe the feature request would be something like ability to add any favicons your browsers or applications look for easy.. I personally would be more for a easy way to not have nginx log stupid shit like that ;)

I think you can do something like this

In the nginx conf where it does not log specific things if not found.. So you could list or let users edit this list so that noise like that is not logged..

To follow up on my post, I eventually realized that the Lockwise on my phone was auto-submitting the form when credentials were picked (unlike the Firefox web browser). However with a slight delay on the page load I didn't notice that and submitted the form myself (again). That explains all my symptoms.