webGUI

• 

  Cert Manager Layout
  • Gil  

  6
  0
  Votes
  6
  Posts
  70
  Views

  

  Nice feature, thanks. -Rico
• C

  android traffic graphs
  • cova16  

  5
  0
  Votes
  5
  Posts
  45
  Views

  C

  @kom Hi Yeah, it's a little weird, I'll look for a phone with a newer version of android and do the test. Thanks.
• Q

  [SOLVED] Switch Authentication Server for webGUI back to localdatabase via CLI/SSH
  • qsthensel  

  2
  0
  Votes
  2
  Posts
  24
  Views

  Q

  forget my question. I should read the whole doc before asking... https://docs.netgate.com/pfsense/en/latest/usermanager/locked-out-of-the-webgui.html#ldap-authentication-problems
• B

  webGUI slow but only main page
  • bluepr0  

  3
  0
  Votes
  3
  Posts
  79
  Views

  B

  @gertjan thanks! I've checked that post but it seems in that case he's waiting quite a few of seconds. I'm waiting here like a 2 seconds or so to load the main web page, while the others are loading almost instantly. In any case I've tried removing the DNS (I had 1.1.1.1 and 8.8.8.8 on General setup) and disabled automatic updates checker. Still same problem. I'm guess this is just normal
• B

  Update SSL Certificate from command line
  • berbec  

  16
  0
  Votes
  16
  Posts
  1445
  Views

  M

  how about, installing ssl cert in debian os
• O

  Notifications via 365?
  • orangehand  

  11
  0
  Votes
  11
  Posts
  141
  Views

  O

  1st & 3rd fields are my email address, so From: and Notification:
• D

  Traffic graphs on home page not showing network traffic....
  • david_harrison  

  1
  0
  Votes
  1
  Posts
  46
  Views

  No one has replied

• 

  webGUI log in extremely slow
  • adamw  

  18
  0
  Votes
  18
  Posts
  651
  Views

  

  You did see that the issue in this thread was resolved ?
• A

  AD users cannot login
  • artware  

  1
  0
  Votes
  1
  Posts
  47
  Views

  No one has replied

• H

  404 NOT FOUND!!!
  • Hugel  

  15
  0
  Votes
  15
  Posts
  1288
  Views

  

  I'm going to lock this thread. Yes you need to update, the sooner the better; your perimeter defense is old, insecure, and out of date.
• 

  Bind webGUI only to certain interfaces
  • dam034  

  27
  0
  Votes
  27
  Posts
  395
  Views

  

  @dam034 said in Bind webGUI only to certain interfaces: The pfsense machine WAN IP is private, and I'm now trying from another pc in the same LAN as pfsense's WAN interface. Is there any mistake? No mistake at all. Look at your firewall rules. The first rule is put in place 'automatically' when you check this option on the WAN interface. Here it is : So, when this box is checked - yours is checked - local IP's like (192.168./16 10/8 etc) are blocked. The counter in front of your first rule indicates it is blocking "something". These must be your attempts to use your phone to connect to the GUI. When you use your phone, you use some real WAN IP (an address IPv4 that is addressable on the Internet). The connection comes in on your first router, probably the one your ISP gave to you, or some other upstream device. This device NAT's to the pfSense WAN IP - and this IP is a "RFC 1918" class IP. pfSense, according to your instructions, blocks these IP's. Btw : before you ask : the second rule will not bother you, although it's a nice exercise to know who's triggering that rule ^^
• A

  How can I create a "User" using the command line?
  • ahmedibrahim  

  8
  0
  Votes
  8
  Posts
  126
  Views

  N

  I'd be tempted to create student001 to student100. You may be able to get clever and create student001 via the GUI, do a backup and take a text editor to the XML file to create the other 99 accounts. <config> <sortable></sortable> <varusersusername>student1</varusersusername> <varuserspassword>student1</varuserspassword> <varuserspasswordencryption>Cleartext-Password</varuserspasswordencryption> <varusersmotpenable></varusersmotpenable> <varusersauthmethod>motp</varusersauthmethod> <varusersmotpinitsecret></varusersmotpinitsecret> <varusersmotppin></varusersmotppin> <varusersmotpoffset></varusersmotpoffset> <qrcodetext></qrcodetext> <varuserswisprredirectionurl></varuserswisprredirectionurl> <varuserssimultaneousconnect></varuserssimultaneousconnect> <description></description> <varusersframedipaddress></varusersframedipaddress> <varusersframedipnetmask></varusersframedipnetmask> <varusersframedroute></varusersframedroute> <varusersvlanid></varusersvlanid> <varusersexpiration></varusersexpiration> <varuserssessiontimeout></varuserssessiontimeout> <varuserslogintime></varuserslogintime> <varusersamountoftime></varusersamountoftime> <varuserspointoftime>Daily</varuserspointoftime> <varusersmaxtotaloctets></varusersmaxtotaloctets> <varusersmaxtotaloctetstimerange>daily</varusersmaxtotaloctetstimerange> <varusersmaxbandwidthdown></varusersmaxbandwidthdown> <varusersmaxbandwidthup></varusersmaxbandwidthup> <varusersacctinteriminterval></varusersacctinteriminterval> <varuserstopadditionaloptions></varuserstopadditionaloptions> <varuserscheckitemsadditionaloptions></varuserscheckitemsadditionaloptions> <varusersreplyitemsadditionaloptions>Class := &quot;admins&quot;</varusersreplyitemsadditionaloptions> </config>```
• R

  Cannot add view under Status->Monitoring
  • revengineer  

  3
  1
  Votes
  3
  Posts
  257
  Views

  R

  I can attest to this behaviour. There's a bug in the monitoring page where it can get into this state where no new views can be added, claiming to succeed but failing silently.
• R

  Setting firewall log size: Fatal error: Uncaught Error: Cannot use string offset as an array in /usr/local/www/status_logs_common.inc:668
  • rgijsen  

  3
  0
  Votes
  3
  Posts
  52
  Views

  R

  Thanks for the quick reply! I totally missed that. For now I edited config.xml's syslog section, and sure enough it works perfectly fine now!
• L

  Feature Request: DHCP recycle buttons on Dashboard
  • LeftCoastGeek  

  1
  0
  Votes
  1
  Posts
  88
  Views

  No one has replied

• C

  pfSense Classic Orange Theme
  • cheesyboofs  

  6
  1
  Votes
  6
  Posts
  885
  Views

  C

  Hi Mate, If you check out my other thread that has a bit more information, https://forum.netgate.com/topic/118855/new-theme-pfsense-dark-orange Plus a downloadable zip file. You need to right click on the hyperlink and select save as rather than just clicking on the link as that throws up an error. Cheers
• M

  Login protection for webGUI
  • maoe-tsuru  

  7
  0
  Votes
  7
  Posts
  219
  Views

  M

  OpenVPN server, ones started is pretty stable and solid. I just read the OpenVPN section of the pfSense book. It seems like OpenVPN on pfSense with multi-WAN is the way to go.
• L

  Cannot Backup XML Configuration
  • LeiShen  

  4
  0
  Votes
  4
  Posts
  128
  Views

  L

  Thanks everyone! I only have about a dozen extensions in Chrome, so I went through each one and disabled them until I found the culprit: Free Download Manager. That one used to work... So I've disabled that extension for pfSense and everything is happy now. I'll trundle over to FDM forum and post a bug report there. Thanks again!
• R

  (Solved) Dashboard traffic not consistent with Status > Traffic Graph
  • Raffi_  

  9
  0
  Votes
  9
  Posts
  246
  Views

  R

  @jdillard Thank you! Awesome, that was quick. I have my box set to stable branch. I'll take a look at that in the next stable release.
• T

  Automating Certificate imports with letencrypt script
  • tylerhoadey  

  18
  0
  Votes
  18
  Posts
  8836
  Views

  L

  @hvisage said in Automating Certificate imports with letencrypt script: enewAll weekly/monthly from cron, followed by Hi @hvisage thats script still alive? it work on recent vertions?? i'm stating to automate the copy of my acme generated certificates on one pfsense/dns server to other servers web, mail on my network, i'm looking for some solutions scripting for that end... ofther runn my script it give to me some error related permission over config.xml and config.cache so thats permissions cant be changed by a regular user. has ben pass 2 years of this post but never is late to make the work fine ... thanks
• 

  Status / Monitoring does not show anything
  • _neok  

  4
  0
  Votes
  4
  Posts
  231
  Views

  

  @chrismacmahon Thank you for answering. I'd already done it. But just to confirm, I installed a new Opera browser and tried. Same issue . Definitely a pfSense problem. I just don't know how to track it. Could it be that there is some process or scheduled task that collects that data that is failing?
• S

  reuse DHCP leases list?
  • Sir-Silence  

  1
  0
  Votes
  1
  Posts
  105
  Views

  No one has replied

• B

  WebGUI unavailable after ip change
  • billmcg  

  2
  0
  Votes
  2
  Posts
  145
  Views

  

  Yes, flushing the browser cache fixes many Web-related glitches.
• V

  Setting issue or bug?
  • Visseroth  

  11
  0
  Votes
  11
  Posts
  531
  Views

  C

  Thank god i found out this thread :) I was thinking, that something is wrong with my custom pfSense box, but i can confirm, that this issues still resides. If I started a download in Firefox and then used the same Firefox browser to view the dashboard for the traffic graphs - the download would slow down a lot. When i view the dashboard from Chrome, no problem with speed. using: 2.4.4-RELEASE-p1 (amd64) built on Mon Nov 26 11:40:26 EST 2018 FreeBSD 11.2-RELEASE-p4 EDIT: with the latest Firefox 64.0 version, the issue is gone!
• J

  Chrome is still trying to access web gui with ssl
  • jnic  

  2
  0
  Votes
  2
  Posts
  169
  Views

  

  Try clearing your cookies etc, try using Incognito mode, try using a different browser. It's not a pfSense issue.
• T

  Suricata cannot change HOME NET list?
  • tomstephens89  

  11
  0
  Votes
  11
  Posts
  445
  Views

  

  @justme2 In general, third-party tools are not the best idea on a firewall. pfSense includes a number of useful API-type function calls for parsing network masks and addresses and performing other types of IP address related functions. Take a look at the include files and functions in the /etc/inc directory on your firewall. See if the built-in functions will work for you first. You can also use any built-in PHP calls.
• Z

  Webgui does not start after reboot
  • zorrox  

  13
  0
  Votes
  13
  Posts
  454
  Views

  Z

  After a few hours, my pfsense is magically accessible on port 444 again. I think it did not change the port to default when I tried it the first time because it was not responding when I saved the change. So I have tried saving it with the default port 443 again and now it is working, I can access the openvpn and webgui on port 443 from my WAN interface. However I think it is not safe to expose the webgui to Internet so I revert to 444. I cannot restrict 443 to certain IP addresses as I want OpenVPN accessible from anywhere.
• F

  LDAP failed Diagnostics-Authentication
  • fayRofa  

  1
  0
  Votes
  1
  Posts
  106
  Views

  No one has replied

• N

  PFSENSE : Disable WAN WebGUI on Virtual IP port for use later
  • nathansj26  

  11
  0
  Votes
  11
  Posts
  461
  Views

  J

  FWIW - submitted it and the response was a bit disheartening. Apparently a ticket has been open over 8 years ago on this issue. A work-around was suggested. The primary issue with "work arounds" is that at some point when a firewall's configuration is complex enough - it begins to look like a spaghetti mess. Some years ago was tasked with auditing and cleaning up a firewall where it was on the order of somewhere around 36k lines. Every change to code on a product has a cost, but hopefully at some point this issue (and like issues) will be resolved so that work arounds aren't required. Not to mention the fact that adding unnecessary complexity simply aids in the probability of mistakes or inadvertent passing of unintended packets. There's an interesting line between simplicity and the ability to provide enough "configure-ability" to meet a variety of needs.
• M

  board panel : long, looooong time to load...
  • megs  

  4
  0
  Votes
  4
  Posts
  157
  Views

  

  Bas DNS still has impacts these days ^^
• P

  Web GUI SSL error ERR_SSL_VERSION_OR_CIPHER_MISMATCH
  • philled  

  8
  0
  Votes
  8
  Posts
  477
  Views

  R

  Mea Culpa. Laptops loaded with BITDEFENDER 2019 are using encrypted web scan protection even when an exception is loaded for PFSENSE firewall which is triggering the error. Turning off encrypted web scan under online web protection allows the correct self-signed security error under the browsers which may be overridden. Thanks for all. Off I go to Bitdefender to ask them to truly honor added exceptions. Sigh.
• 

  Can not access: System Advanced
  • icabrera  

  3
  0
  Votes
  3
  Posts
  208
  Views

  

  @kom thanks a lot for your help, I did the hard refresh and rebooted the system and the problem has gone.
• 

  disabling NAT redirect entry clears description in associated rule
  • adamw  

  1
  0
  Votes
  1
  Posts
  94
  Views

  No one has replied

• 

  2.4.4: Secure Shell Public Key Settings Not Generating Key
  • beremonavabi  

  6
  0
  Votes
  6
  Posts
  215
  Views

  

  I'm pretty sure this is fixed with 2.4.4_1. The error messages have gone away and when I reset the options the system paused for quite some time. I'm assuming it was generating the keys. I didn't get any message about key generation, though.
• R

  Slow GUI
  • rmessina  

  6
  0
  Votes
  6
  Posts
  1116
  Views

  R

  Hello Guys, I did had the same problem before, notice the pfsense was routing the tracfic to the wrong gateway check your configurations under System-->Routing make sure the pfsense is pointing to the correct gateway let me know if that help Thanks.
• 

  Can't Access pfSense Interface When Using 10GbE NIC
  • ARAMP1  

  7
  0
  Votes
  7
  Posts
  249
  Views

  

  @aramp1 Good work! Bravo
• X

  SSL_ERROR_NO_CYPHER_OVERLAP when trying to connect to webgui
  • xenicle  

  43
  1
  Votes
  43
  Posts
  2499
  Views

  J

  @crbon said in SSL_ERROR_NO_CYPHER_OVERLAP when trying to connect to webgui: When the access the same IP 192.168.1.1 from my PC (running Bitdefender AV) I get the SSL_ERROR_NO_CYPHER_OVERLAP error message instead, and there is no way to bypass it. So that means the AV (Bitdefender in this case) is messing with the connection/certificate as a defense mechanism? (I have ntopng installed as per @jgravert 's reference to the other thread) Defiantly Bitdefender Scan SSL (Encrypted web scan) is active. You may need to flushdns, cache, then restart your browser after turning off Scan SSL in Bitdefender. I had to in order to get mine working again. Alternatively if you get new CA and Certificates then install them on your PC it shouldn't matter if Scan SSL is active. If that doesn't work you may need to completely remove Bitdefender from the PC then reinstall it.
• P

  Fatal Error Selecting DNS Forwarder
  • pfnewb2016  

  5
  0
  Votes
  5
  Posts
  401
  Views

  P

  I restored a backup and then was careful to not enable DNS Forwarder while DNS Resolver was already enabled.
• D

  WAN interface only to be manged
  • Dafoxx  

  16
  0
  Votes
  16
  Posts
  370
  Views

  D

  Ah, I've changed that over thanks, and yeah ill suggest to the customer to use openVPN, then we dont need the other IP for his server.
• F

  Traffic graph issue
  • Fishrman  

  6
  0
  Votes
  6
  Posts
  302
  Views

  F

  @nelsonjhone thank you for trying to help me. I found out what was going on. I figured out that this may be caused by wrong time on my server. For a few versions of PFsense it was showing wrong time. It was always one hour behind, although a correct timezone was selected. I checked BIOS time, I replaced the CMOS battery... I started digging on the Internet and found a guy with similar problem. His solution was setting services -> NTP to both interfaces LAN and WAN. This finally fixed my time and.... traffic graphs. THNX for helping