Ah, I've changed that over thanks, and yeah ill suggest to the customer to use openVPN, then we dont need the other IP for his server.

@nelsonjhone thank you for trying to help me.

I found out what was going on. I figured out that this may be caused by wrong time on my server. For a few versions of PFsense it was showing wrong time. It was always one hour behind, although a correct timezone was selected. I checked BIOS time, I replaced the CMOS battery... I started digging on the Internet and found a guy with similar problem. His solution was setting services -> NTP to both interfaces LAN and WAN. This finally fixed my time and.... traffic graphs.

THNX for helping

Humm.
Was about to edit my post but @johnpoz was to fast.

Again, I took a user "001", etc etc see my image above.

So, I checked the manual (/usr/local/www/systemuser_manager.php and /etc/inc/auth.inc where the function local_user_set() lives) and put this function in debug mode (adding $debug=1; at the start of the function).
Logging should became more verbose.
Then, I did the thing one shouldn't do, I edited (deleted the line) the user "001001:*:2057:65534:002:/home/001:/sbin/nologin in /etc/passwd.
(and removed /home/001001/ also).

From there on : I had more vebose logs ***, no more problems. I could edit - and edit again - re-edit, delete, create, edit.
I removed the debug line.
Still, all ok, the error vanished.

0_1542381916583_3e69659d-5bb7-45aa-b2ee-2256c5fe2ba6-image.png

Curious.
I have this feeling that I touched the /etc/passwd file (system == FreeBSD maintained) and after that all was ok again.
I can't explain ....

** more verbose logs in the ....... captive portal log - not the system log ...

edit : I rebooted. Could edit a user just fine.
Strange - but solved ☺

Has anyone tried to reproduce the bug?

hi;
ok i had to do this for https filtering in pfsense i generated the key in pfsense and downloaded it then sudo to ca certs folder made new folder renamed key to .crt file and a etc /cert area then did sudo update-ca-certificates (ubuntu 18.04 based distro) to import and it worked with the message no perm key found or the like,
because before doing this you can go nowhere in the net with out that key /crt in or the perm . so I killed https filter and went back to stock squid but still maybe having av scanner issue on fresh install pf 2.4.4 .
A lot has changes for me with squid and the setup so still getting pass the new stuff. swore I read https filtering has to be on now as fixed clamav scanning issue I may be wrong but it is a good thing

~ Solved yesterday.

Due to tiredness some FW and NAT Rules were not configured correct.

thanks to you. i'm reasonably proficient with BSD, but pfsense definitely saves some time even with such glitches. thumbs up for the nice work.

Then you'll probably have to reinstall. You might have added a space in there incorrectly and wiped out the entire drive.

You might connect with ssh or scp and see if /conf/config.xml is still there. If so, grab a copy, or at least try https://www.netgate.com/docs/pfsense/backup/automatically-restore-during-install.html#recover-config-xml

Thank you for the info.

I just applied the patches using the System Patches package and the configurator seems to work fine.

So It's now all working after a reboot. I don't know exactly what change made the difference. What I did was disconnect the downstream router, reset factory defaults, set up the interfaces using autodetect, and then configured the interfaces through WebGUI. After configuring the interfaces, I copied the two default rules from LAN to OPT1. I made an error first then corrected it. At this point LAN worked fine but I had no internet on OPT1.

Just so the family would have internet, I reconnected the downstream router since I ran out of time to work on it. When I came back to it later, I rebooted pfsense and everything now works. I thought I had tried that the night before, but I may not have after correcting errors in the copied firewall rules from LAN. (When I copied the rules I changed the interface from LAN to OPT1, but I forgot to also change the destination from LANnet to OPT1net.)

Thanks so much for all your help!

Here are the settings in case it helps someone else:
(Anything related to IPv6 or DHCPv6 is likely irrelevant for me as I don't think my connection supports it)

Interfaces/WAN:
IPv4 - DHCP
IPv6 - DHCP6

Interfaces/LAN:
General Configuration:
IPv4 Type - Static IPv4
IPv6 Type - Track Interface
Static IPv4 Configuration:
IPv4 Address - 192.168.1.1/24
IPv4 Upstream Gateway - None
IPv6 Configuration:
IPv6 Interface - WAN
IPv6 Prefix - 0

Interfaces/OPT1
General Configuration:
IPv4 Type - Static IPv4
IPv6 Type - None
Static IPv4 Configuration:
IPv4 Address - 192.168.3.1/24
IPv4 Upstream Gateway - None

Services/DHCP Server/LAN:
Enable - checked
Range - 192.168.1.100 to 192.168.1.199

Services/DHCP Server/OPT1:
Enable - checked
Range - 192.168.3.100 to 192.168.3.199

Services/DHCPv6 Server&RA/LAN/DHCPv6 Server
Enable - checked
Range - ::1000 to ::2000
Prefix Delegation Size - 48

Firewall/Rules/OPT1:
Edit Firewall Rule: (for first rule)
Action - Pass
Interface - OPT1
Address Family - IPv6
Protocol - Any
Source - OPT1net
Destination - any

Edit Firewall Rule: (for second rule)
Action - Pass
Interface - OPT1
Address Family - IPv4
Protocol - Any
Source - OPT1net
Destination - any

Settings for Verizon G1100 router:

My Network/Network Connections/Broadband Connection/Settings
Internet Protocol - Use the Following IP Address
IP Address - 192.168.1.200
Subnet Mask - 255.255.255.0
Default Gateway - 192.168.1.1

My Network/Network Connections/Network/Settings
Internet Protocol - Use the Following IP Address
IP Address - 192.168.2.1
Subnet Mask - 255.255.255.0
IP Address Distribution - DHCP Server
Start IP Address - 192.168.2.2
End IP Address - 192.168.2.199

Hi,

Please ignore this post. it seems 3rd time lucky on installing this. Unfortunately nothing intelligent to say on how this was resolved. i must have either made a mistake in one of the setting during the first 2 installs in Virtual Box (cant imagine what though). or something is messed up on my system or installation off VirtualBox but its resolved.
apologies to anyone having spend time reading :-)

@grimson said in Overly long string in System Information tab:

@occamsrazor said in Overly long string in System Information tab:

You can disable the Version information completely in the widget settings, or disable only the update check in the update settings. Some RTFM is in order here.

Thanks, am aware you can disable the version information pane entirely, and also the update check. I don't think I or the OP want to lose that functionality. We are just talking about the length of the "Version information updated......" string. My comment "Or I'd personally be happy to have the option not to show that info at all" referred only to that string itself - not the pane as a whole or the update check functionality.

Thanks, I do have a backup from right before the attempted update. Was just curious if there was some way to do it via SSH as well.

I think there’s an option in the advanced settings regarding an HTTPS feature called HSTS (HTTP Strict Transport Security) that will tell the browser to always use HTTPS when going to that host. I believe HSTS is enabled by default when HTTPS is enabled.

You may need to find where in your browser you can go to clear the HSTS setting for your pfSense hostname and/or IP address in order to access it without HTTPS. Or as suggested, you can always use a different browser.

FreeRADIUS should be passing Class as a string by default unless the OS you installed it on does something it shouldn't in its distribution.

FreeRADIUS on pfSense returns Class as a string and we do not alter any of the dictionaries or config to force it to be that way.

Fix your FreeRADIUS instance and it will work fine.

@grv97 if you are unable to access pfsense webgui, you have bigger issue then whatever your using as monitor not answering the zero payload monitoring ping.

BTW this thread is 2 years old, cmb is no longer with us and have not seen him around for long time - he is very active at his new home unifi forums.

You are more likely to get some help if you start your own thread with exact details of your problem.

Fresh install, all good now. Thanks fr your advise
Best
Daniel

@ivor said in Translation:

Thank you!

You're welcome!

Okey-dokey.

Though here it reads:
"Wenn nicht aktiviert, wird Port 80 automatisch auf den HTTPS Port weitergeleitet. Aktivieren, um die automatische Weiterleitung zu deaktivieren." which sounds to me, the native German speaker, the other way round.

Thanks to all who answered, I think I understand the behaviour.
And yet, I can't really see the point of this behaviour, to me at least it is unexpected. Not?

Thanks again,

Uwe