Can be closed.
ntopng is sending the messages.
It was not working with 2.6 and after the upgrade it started to work.

Sorry!

@Gertjan

That is a trivial amount of logging and has no meaningful impact on the system at all.

Whilst I do retain a single Windows 10 server it is off over 99% of the time. Otherwise I just don't do Windows OS, only the 'nix family (macOS, Linux & BSD).

☕️

@johnpoz

Thanks again. Just after I read your reply I realised I had killed the internet when little one said she couldn't stream anything on the ROKU.

I've now added rules for allowing DNS and NTP and also ping.

Thank you for taking the time to explain, its a steep learning curve. I've gone from using an ISP issue router to this in a week and learning fast how to secure my network.

Cheers
Jungle

@NogBadTheBad

Yeah ….
Was about to post @me-too
As I was also selecting “auto select interface”, as I consider this a “don’t care” choice, and was a bit surprised that my selected “IPv4” gets overridden as pfSense prefers IPV6 part of my WAN (?)

@jimp Thanks for your reply.

I did search for 'traffic' in both of them and this is the group privileges menu actually. I have reinstalled the package and rebooted after that didn't work.

I have just reinstalled again, just to make sure. But that also didn't work.

The traffic graph privilege is already assigned to this group, so that's probably why it doesn't show up. There's no privileges on the account not inherited from said group.

See here an example of one of the individual accounts under this group.
5c606339-1d6b-45f2-9c36-167c8c7200bb-image.png

@JonathanLee @jimp thx for your inputs, it was indeed the same trackerid on all the rules. i just copied and paste it on itself and deleted the old ones, now its working as expected.

thx you guys

The problem is actually a bit worse than initially reported.
The problem does not only happen after edit/save, but also after restarting the service.

Steps to reproduce configure correctly (manually add newlines) Save

Now the openvpn server runs correctly, with the extra-certs option

Go to openvpn status page (/status_openvpn.php#) Click "restart" on the openvpn service Result

The service does not restart, openvpn.log shows

Aug 23 17:11:05 fw openvpn[84943]: SIGTERM[hard,] received, process exiting Aug 23 17:11:06 fw openvpn[1001]: ERROR: Endtag </extra-certs> missing Aug 23 17:11:06 fw openvpn[1001]: Exiting due to fatal error

To fix again, go the the openvpn config page, manually add the newlines (2x), save -> service runs.

This has been fixed in commit 9270d777907048d2bfc31f4e57a01e915ff71a88

While we are at it, another problem I noticed: Rejects are not shown as such in the widget or log, they are all blocks.

Capture3.PNG

Capture1.PNG

Capture2.PNG

@MonitorGuy Fixed by changing the number of lines to view in GUI from 5000 to 1000

@Gertjan Just a FYI, it was a MTU issue. Everything was set to 9000 except for the vSwitch in esx where the pfsense was running.

@Eugene_Tar said in webConfigurator authentication error:

2.5.1

Oh boy. That one is ancient. Coming from that one I would (free advise !) re install, and while doing so, use the new, way better, ZFS file system.

@Eugene_Tar said in webConfigurator authentication error:

/cf/conf/config.xm

Make a backup copy of this file.

Then, from the console menu

Reset webConfigurator password

or even better : option 4.

Now the password is known and default.
It still doesn't work ? You're good for a complete re install. This will solve the issue for sure with just one silly side effect : we'll never known what went wrong.

@rcoleman-netgate thanks

@q54e3w
The only difference from the guide and my setup is the pi-hole. Which is one reason why I am having issues. Like I explained I had it set up and worked great before my venture to the nguvu setup.....

@KB8DOA you can give it a commit ID. Or just update pfSense as noted.
https://docs.netgate.com/pfsense/en/latest/development/system-patches.html#patch-settings

that worked worked

@viragomann ,

Thanks for your prompt reply. I will give it a try.

@conbonbur :

Like the solution of johnpoz, which needed the console or SSH access, you could also use option 15 :

0) Logout (SSH only) 9) pfTop 1) Assign Interfaces 10) Filter Logs 2) Set interface(s) IP address 11) Restart webConfigurator 3) Reset webConfigurator password 12) PHP shell + Netgate pfSense Plus tools 4) Reset to factory defaults 13) Update from console 5) Reboot system 14) Disable Secure Shell (sshd) 6) Halt system 15) Restore recent configuration 7) Ping host 16) Restart PHP-FPM 8) Shell

Use a config that was made just before de deletion.

Just for my own curiosity : deleted in the GUI, you were not using it ? Something else ?

@viragomann said in "webConfigurator default" certificate:

Yes, you can restore it from a config backup.

@Gertjan said in Why is my GUI suddenly (only) available at port 4443??????????:

The fact that pointing a 192.168.55.1 at port 4443 shows the pfSense GUI means that there is a 'firewall' that is doing something.
Like redirecting incoming TCP traffic on port 4333 to TCP 443.

Yeah, seems plausible.

@jimp
Almost all of the clients are (heavily) active during the screenshot. NDP does indeed have the MAC addresses and all the devices have associated hostnames.

I can get all the correct details from the CLI and there is nothing amiss with IPv6, NDP, dhcpd.leases or dhcpd6.leases (or with IPv4 either). With the CLI I can see that everything is working as normal/expected - not so with the GUI Status display.

It's only the sparsely populated and incorrect status listed in the GUI that I am raising. Underneath the GUI everything is working just fine.

☕️

@Gertjan
Thank you very much Gertjan

I did the steps you mentioned by changing the port of http and it worked successfully.

The proxy server is working normally now and at the same time I can access webgui of pfsense.

Thank you again

@jimp said in Interfaces list longer than screen height:

It's probably set to Fixed and you'll need to change that to Scrolls with page.

Yes, was set to Fixed.
This helps, thank you @jimp

@adeparker or try removing the "bad" section from the config file:

https://forum.netgate.com/topic/180957/possible-bug-on-23-05-bulk-import-of-aliases-causes-full-brick-of-pfsense/7

@b_hammer said in Fatal Error:

/etc/inc/notices.inc(101): fopen('', 'w')

The file shouldn't be empty ( '' ) but '/tmp/noctices'

What happened is :
/etc/inc/notices.inc start be reading (including) /etc/inc/globals.inc and that didn't happen.
The most important variables aren't set (unknown) and that breaks ... pretty everything.

It's console time.
Check free disk space.
How to Run a pfSense Software File System Check (5/2020)

@provels said in Status--Monitoring remember the last setting:

@insmod Display Advanced, Save View.

That will (As OP requested) save the default view to be the current settings, but it's also worth pointing out that clicking + Add View will make a new tab for the current settings so you can quickly access multiple different graphing views without a lot of clicking/changing settings.

So you can have a tab for WAN traffic, a tab for the WAN gateway quality, a tab for memory usage, etc, etc.

Thanks for sharing, works in 23.05 👍

@enissay said in Notification support for Discord:

Any how, please advise <3

Three options:

open a redmine request at https://redmine.pfsense.org/

Offer a feature bounty in the forums for someone else to write it and get an MR (merge request) into the basecode at https://forum.netgate.com/category/30/bounties

Write one and make an MR to get it added.

I am a user of both Slack and Discord myself and have written a bot for my needs in Discord but I can tell you that it will require a number of working wheels to do it. You might want to make an IFTTT which will do translations between services.

@insmod since pfsense is designed to be managed via the web gui, while some stuff can be done via the cli, ie either consoled in or via ssh. What you can do via management is going to be limited via that.

Your best bet is to just limit who can access the gui.. Create firewall rules that only allow from say your management network, or admin machine.

For example - the web gui is only available via my lan network, only devices on my lan are my main PC, and my nas - all my other segments have no access to the web gui via simple firewall rules blocking access to "this firewall". Dns and ntp is allowed, icmp - but they can not access the web gui port or any other service on the firewall, on any IPs be it its other lan segment Ips or even its public IP from lan side networks.

example: here is a locked down segment that would have no access to the firewall gui, or anything else on any pfsense IP other than ping, dns and ntp.

lockdown.jpg

@SteveITS Got it,thanks!

@youcangetholdofjules Could be this:
https://forum.netgate.com/topic/180313/firewall-alias-import-bug-after-upgrade-to-23-05-release-amd64/6