@gil said in User Manager bug:

The xml revealed a several users on the several identical uid's
Editing it and picking random uid seems to have solved it.
Are there any restrictions regarding the format or sequencing of uid's?

They should follow the same conventions as FreeBSD user IDs. By default users on pfSense start with a uid of 2000 and go up by one for each new user.

@kom Thanks. I didn't know that was available.

I also sent an email to the Dark Reader support linking this forum thread, so maybe they'll fix the 404 issue on their end too.

@kenny-t said in Custom webgui for user manager:

Is there a place where I can start learning how to modify existing packages for these purposes?

As it is open source .... github pfsense.

There is a solution where you don't have to look at pfSense at all.
You use a captive portal. Activate it on pfSense and you're close to done.
As the identification mechanise,, don't use the build in user manager, but Freeradius. It's a pfSense package. Read all about how to use Freeradius and have it use a SQL 'scratchpad' storage.
Now, all you have to is making a front end that stores user credentials into the SQL database.
That looks very much like any other (a couple of billion) web site on the Internet. They are nearly all based on a web server, a bunch of PHP scripts and a SQL back end.
Now, all you have to do is learning how (Free)Radius works .... that's a though one, but still far more easier as learning what pfSense is/does from a programming point of view.

@edit : busted by @JeGr ;)

Many many thanks for this tutorial!

perhaps an option would be to enable one of the nic/ports as console port. Not sure if this will be feasible and or practically possible. [as some devices do not have vga/console rj45 port], by default.

@nexo thanks

@samemac

Test your configuration ;)
Save (export) it - and keep it on a safe place.
Instead of re installing, which is, as you said, a last resort, you could use Diagnostics > Factory Defaults
After pfSense rebooted, you should :

And do nothing more.

You'll be online - and packages show up just fine now.

I can already tell you right now, that as soon as 'import' your saved config, you'll be back at square one.

Apply your config back into the system, manually.
One by one.
Test after every step.
As soon as breaks, you found your issue.

Several tips :

This one :

6541715a-dd93-44dc-b028-ef1c453f36de-image.png

Do you have a reason to inform the entire world what your DNS requests are ?
The perfect setting is : do not add/change/whatever any DNS settings. It's not needed.

18944378-c10b-4b3a-933f-64d67884f94e-image.png

Try Hybrid mode first.

The last firewall rule on your WAN rule is very scary.
You might as well remove pfSense from your network.

Just had the same symptons yet again, but with a slightly different error.

Jul 6 17:22:30 nginx 2021/07/06 17:22:30 [crit] 12149#100205: *772 SSL_write() failed (13: Permission denied) while processing HTTP/2 connection, client: IP, server: 0.0.0.0:443

This happened while I was logged into the gui, hadn't made any changes yet, but was just looking around.

As always, the connection to the gui dies, then my computer can no longer get to the internet. After reboot, (probably rebooting the web gui) resolves the issue.

At this point I believe this is a bug in the pfsense web software.

Hello everyone,

we have performed further tests, among other things we tested version 2.5.0, which shows the same problem.

I would be glad about any input or ideas you may provide me with!

Regards,
Timo

@jgdgzpqatddjpa said in 502 Bad Gateway when selecting Suricata IDS / Interface LAN - Categories / LAN Rules:

@bmeeks

In process...

Darn thing gave me the 3 endless flashing blue lights

Hard rebooted it. Yes not a good idea, but its back up

and.... The patch fixed the issue.

Thank you!!!

Yeah, my experience with the SG-3100 is that it takes a LONG time to boot, and every now and then, you need to hard cycle the power (after waiting a very long time).

Thanks,

I was able to resolve by reinstalling pfsense and restoring the config.

@gertjan Not in my case. Only one interface exists. WAN. And it's virtio.

I will see how 2.5.2 goes. Any day now. :)

Thanks for the more detailed explanation. Now I see what the problem is.

pfBlocker and Snort both beat the crap out of the configuration system writing to it on such a frequent basis that ACB becomes pretty much useless. I discussed ways to address this with the package maintainers some time ago but so far the problem still exists.

For this reason there is a filter in the ACB system that rejects backups if the "Reason" parameter contains "pfblocker", "snort" or "minicron".

pfSense is supposed to display an error message stating that the backup was rejected, but this seems to be broken. I'll try to get that fixed ASAP.

For now, please ensure you backup "Reason" does not include those terms.

@kom I defaulted the Admin Access TCP port line. It is working fine for now after I did the option 15 thing
on all the entries it had.

Thanks