I think it is either the pfBlocker- or the NUT widget.

@gjaltemba: The GUI protocol may be reset from the console. Choose to reset the LAN IP, enter the same IP, and it will prompt to reset the WebGUI back to HTTP. https://doc.pfsense.org/index.php/Locked_out_of_the_WebGUI#HTTP_vs_HTTPS_confusion Thankyou very much @gjaltemba I fixed it  ;D ;D ;D

Problem was definately a failing drive which was NOT reported in the dashboard!!!  >:( So, off to make another post [image: Failing.JPG] [image: Failing.JPG_thumb]

there is no error… this is whole log for "dmesg" Copyright (c) 1992-2016 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994         The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 10.3-RELEASE-p19 #0 bbfdb9a1d(RELENG_2_3_4): Wed May  3 16:09:14 CDT 2017     root@ce23-amd64-builder:/builder/pfsense-234/tmp/obj/builder/pfsense-234/tmp/FreeBSD-src/sys/pfSense amd64 FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512 CPU: AMD G-T40E Processor (1000.02-MHz K8-class CPU)   Origin="AuthenticAMD"  Id=0x500f20  Family=0x14  Model=0x2  Stepping=0   Features=0x178bfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,mmx,fxsr,sse,sse2,htt>Features2=0x802209 <sse3,mon,ssse3,cx16,popcnt>AMD Features=0x2e500800 <syscall,nx,mmx+,ffxsr,page1gb,rdtscp,lm>AMD Features2=0x35ff <lahf,cmp,svm,extapic,cr8,abm,sse4a,mas,prefetch,ibs,skinit,wdt>SVM: NP,NRIP,NAsids=8   TSC: P-state invariant, performance statistics real memory  = 4815060992 (4592 MB) avail memory = 4080889856 (3891 MB) Event timer "LAPIC" quality 400 ACPI APIC Table: <core  coreboot="">FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs FreeBSD/SMP: 1 package(s) x 2 core(s) cpu0 (BSP): APIC ID:  0 cpu1 (AP): APIC ID:  1 random: <software, yarrow="">initialized ioapic0 <version 2.1="">irqs 0-23 on motherboard wlan: mac acl policy registered ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_bss_fw, 0xffffffff806209b0, 0) error 1 ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_ibss_fw, 0xffffffff80620a60, 0) error 1 ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_monitor_fw, 0xffffffff80620b10, 0) error 1 iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/. iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (iwi_bss_fw, 0xffffffff80647cb0, 0) error 1 iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/. iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (iwi_ibss_fw, 0xffffffff80647d60, 0) error 1 iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/. iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (iwi_monitor_fw, 0xffffffff80647e10, 0) error 1 netmap: loaded module kbd0 at kbdmux0 module_register_init: MOD_LOAD (vesa, 0xffffffff81017160, 0) error 19 cryptosoft0: <software crypto="">on motherboard padlock0: No ACE support. acpi0: <core coreboot="">on motherboard acpi0: Power Button (fixed) cpu0: <acpi cpu="">on acpi0 cpu1: <acpi cpu="">on acpi0 atrtc0: <at realtime="" clock="">port 0x70-0x71 irq 8 on acpi0 Event timer "RTC" frequency 32768 Hz quality 0 attimer0: <at timer="">port 0x40-0x43 irq 0 on acpi0 Timecounter "i8254" frequency 1193182 Hz quality 0 Event timer "i8254" frequency 1193182 Hz quality 100 Timecounter "ACPI-fast" frequency 3579545 Hz quality 900 acpi_timer0: <32-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0 hpet0: <high precision="" event="" timer="">iomem 0xfed00000-0xfed003ff on acpi0 Timecounter "HPET" frequency 14318180 Hz quality 950 Event timer "HPET" frequency 14318180 Hz quality 550 Event timer "HPET1" frequency 14318180 Hz quality 450 pcib0: <acpi host-pci="" bridge="">port 0xcf8-0xcff on acpi0 pci0: <acpi pci="" bus="">on pcib0 pcib1: <acpi pci-pci="" bridge="">irq 16 at device 4.0 on pci0 pci1: <acpi pci="" bus="">on pcib1 re0: <realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet="">port 0x1000-0x10ff mem 0xf7a00000-0xf7a00fff,0xf7900000-0xf7903fff irq 16 at device 0.0 on pci1 re0: Using 1 MSI-X message re0: ASPM disabled re0: Chip rev. 0x2c000000 re0: MAC rev. 0x00200000 miibus0: <mii bus="">on re0 rgephy0: <rtl8169s 8211="" 8110s="" 1000base-t="" media="" interface="">PHY 1 on miibus0 rgephy0:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow re0: Using defaults for TSO: 65518/35/2048 re0: Ethernet address: 00:xx:xx:xx:xx:74 re0: netmap queues/slots: TX 1/256, RX 1/256 pcib2: <acpi pci-pci="" bridge="">irq 17 at device 5.0 on pci0 pci2: <acpi pci="" bus="">on pcib2 re1: <realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet="">port 0x2000-0x20ff mem 0xf7c00000-0xf7c00fff,0xf7b00000-0xf7b03fff irq 17 at device 0.0 on pci2 re1: Using 1 MSI-X message re1: ASPM disabled re1: Chip rev. 0x2c000000 re1: MAC rev. 0x00200000 miibus1: <mii bus="">on re1 rgephy1: <rtl8169s 8211="" 8110s="" 1000base-t="" media="" interface="">PHY 1 on miibus1 rgephy1:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow re1: Using defaults for TSO: 65518/35/2048 re1: Ethernet address: 00:xx:xx:xx:xx:75 re1: netmap queues/slots: TX 1/256, RX 1/256 pcib3: <acpi pci-pci="" bridge="">irq 18 at device 6.0 on pci0 pci3: <acpi pci="" bus="">on pcib3 re2: <realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet="">port 0x3000-0x30ff mem 0xf7e00000-0xf7e00fff,0xf7d00000-0xf7d03fff irq 18 at device 0.0 on pci3 re2: Using 1 MSI-X message re2: ASPM disabled re2: Chip rev. 0x2c000000 re2: MAC rev. 0x00200000 miibus2: <mii bus="">on re2 rgephy2: <rtl8169s 8211="" 8110s="" 1000base-t="" media="" interface="">PHY 1 on miibus2 rgephy2:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow re2: Using defaults for TSO: 65518/35/2048 re2: Ethernet address: 00:xx:xx:xx:xx:76 re2: netmap queues/slots: TX 1/256, RX 1/256 ahci0: <amd sb7x0="" sb8x0="" sb9x0="" ahci="" sata="" controller="">port 0x4010-0x4017,0x4020-0x4023,0x4018-0x401f,0x4024-0x4027,0x4000-0x400f mem 0xf7f04000-0xf7f043ff irq 19 at device 17.0 on pci0 ahci0: AHCI v1.20 with 6 6Gbps ports, Port Multiplier supported ahci0: quirks=0x22000 <ati_pmp_bug,1msi>ahcich0: <ahci channel="">at channel 0 on ahci0 ahcich1: <ahci channel="">at channel 1 on ahci0 ahcich2: <ahci channel="">at channel 2 on ahci0 ahcich3: <ahci channel="">at channel 3 on ahci0 ahcich4: <ahci channel="">at channel 4 on ahci0 ahcich5: <ahci channel="">at channel 5 on ahci0 ohci0: <amd sb7x0="" sb8x0="" sb9x0="" usb="" controller="">mem 0xf7f00000-0xf7f00fff irq 18 at device 18.0 on pci0 usbus0 on ohci0 ehci0: <amd sb7x0="" sb8x0="" sb9x0="" usb="" 2.0="" controller="">mem 0xf7f04400-0xf7f044ff irq 17 at device 18.2 on pci0 usbus1: EHCI version 1.0 usbus1 on ehci0 ohci1: <amd sb7x0="" sb8x0="" sb9x0="" usb="" controller="">mem 0xf7f01000-0xf7f01fff irq 18 at device 19.0 on pci0 usbus2 on ohci1 ehci1: <amd sb7x0="" sb8x0="" sb9x0="" usb="" 2.0="" controller="">mem 0xf7f04500-0xf7f045ff irq 17 at device 19.2 on pci0 usbus3: EHCI version 1.0 usbus3 on ehci1 isab0: <pci-isa bridge="">at device 20.3 on pci0 isa0: <isa bus="">on isab0 pcib4: <acpi pci-pci="" bridge="">at device 20.4 on pci0 pci4: <acpi pci="" bus="">on pcib4 ohci2: <amd sb7x0="" sb8x0="" sb9x0="" usb="" controller="">mem 0xf7f02000-0xf7f02fff irq 18 at device 20.5 on pci0 usbus4 on ohci2 pcib5: <acpi pci-pci="" bridge="">at device 21.0 on pci0 pci5: <acpi pci="" bus="">on pcib5 ohci3: <amd sb7x0="" sb8x0="" sb9x0="" usb="" controller="">mem 0xf7f03000-0xf7f03fff at device 22.0 on pci0 usbus5 on ohci3 ehci2: <amd sb7x0="" sb8x0="" sb9x0="" usb="" 2.0="" controller="">mem 0xf7f04600-0xf7f046ff at device 22.2 on pci0 usbus6: EHCI version 1.0 usbus6 on ehci2 acpi_button0: <power button="">on acpi0 orm0: <isa option="" rom="">at iomem 0xee800-0xeffff on isa0 gpioapu0: Environment returned APU gpioapu0: Address on reg 0x24 is 0xfed80000/4275568640 gpioapu0 at iomem 0xfed80100-0xfed801ff on isa0 ppc0: cannot reserve I/O port range uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0 uart0: console (115200,n,8,1) uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 on isa0 Timecounters tick every 1.000 msec random: unblocking device. usbus0: 12Mbps Full Speed USB v1.0 usbus1: 480Mbps High Speed USB v2.0 usbus2: 12Mbps Full Speed USB v1.0 usbus3: 480Mbps High Speed USB v2.0 ugen0.1: <ati>at usbus0 uhub0: <ati 1="" 9="" ohci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus0 ugen1.1: <ati>at usbus1 uhub1: <ati 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr="">on usbus1 ugen2.1: <ati>at usbus2 uhub2: <ati 1="" 9="" ohci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus2 ugen3.1: <ati>at usbus3 uhub3: <ati 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr="">on usbus3 usbus4: 12Mbps Full Speed USB v1.0 usbus5: 12Mbps Full Speed USB v1.0 usbus6: 480Mbps High Speed USB v2.0 ugen4.1: <ati>at usbus4 uhub4: <ati 1="" 9="" ohci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus4 ugen5.1: <ati>at usbus5 uhub5: <ati 1="" 9="" ohci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus5 ugen6.1: <ati>at usbus6 uhub6: <ati 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr="">on usbus6 uhub4: 2 ports with 2 removable, self powered uhub0: 5 ports with 5 removable, self powered uhub2: 5 ports with 5 removable, self powered uhub5: 4 ports with 4 removable, self powered uhub6: 4 ports with 4 removable, self powered uhub1: 5 ports with 5 removable, self powered uhub3: 5 ports with 5 removable, self powered ugen6.2: <generic>at usbus6 umass0: <generic 0="" 2="" flash="" card="" readerwriter,="" class="" 0,="" rev="" 2.01="" 1.00,="" addr="">on usbus6 ada0 at ahcich0 bus 0 scbus0 target 0 lun 0 ada0: <kingston sms200s360g="" 603abbf0="">ATA8-ACS SATA 3.x device ada0: Serial Number 500xxB7xxxx7Fxx6 ada0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 512bytes) ada0: Command Queueing enabled ada0: 57241MB (117231408 512 byte sectors) ada0: Previously was known as ad4 da0 at umass-sim0 bus 0 scbus6 target 0 lun 0 da0: <multiple card ="" reader="" 1.00="">Removable Direct Access SPC-2 SCSI device da0: Serial Number 058Fxxx66485 da0: 40.000MB/s transfers da0: Attempt to query device size failed: NOT READY, Medium not present da0: quirks=0x2 <no_6_byte>SMP: AP CPU #1 Launched! Timecounter "TSC" frequency 1000022612 Hz quality 800 Trying to mount root from ufs:/dev/ufsid/540d00482592bf04 [rw]... padlock0: No ACE support. aesni0: No AESNI support. re1: link state changed to DOWN re0: link state changed to DOWN tun2: changing name to 'ovpns2' ovpns2: link state changed to UP pflog0: promiscuous mode enabled re0: link state changed to UP re1: link state changed to UP re2: link state changed to DOWN re0: link state changed to DOWN re0: link state changed to UP /code]</no_6_byte></multiple></kingston></generic></generic></ati></ati></ati></ati></ati></ati></ati></ati></ati></ati></ati></ati></ati></ati></isa></power></amd></amd></acpi></acpi></amd></acpi></acpi></isa></pci-isa></amd></amd></amd></amd></ahci></ahci></ahci></ahci></ahci></ahci></ati_pmp_bug,1msi></amd></rtl8169s></mii></realtek></acpi></acpi></rtl8169s></mii></realtek></acpi></acpi></rtl8169s></mii></realtek></acpi></acpi></acpi></acpi></high></at></at></acpi></acpi></core></software></version></software,></core ></lahf,cmp,svm,extapic,cr8,abm,sse4a,mas,prefetch,ibs,skinit,wdt></syscall,nx,mmx+,ffxsr,page1gb,rdtscp,lm></sse3,mon,ssse3,cx16,popcnt></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,mmx,fxsr,sse,sse2,htt>

@thomasbredman: No access to console. No cable. Normally, you don't need a special cable. First thing to do when you take possession a 'system' : (whatever system : your router, the fridge, tv-set, etc etc ) : activate ssh access. Because this is the 'real' admin interface ;) Other explication : when you modify something on your main door, check-out FIRST your secret back-door (the same ssh access). Btw : when you use something like this https://www.netgate.com/products/sg-1000.html I wouldn't use it before i has this special cable …. (locking myself out, well .... I know .... seen that - been there)

Ah, that one. Mine is checked. But I never actually use the 'usb keyboard' and 'vga screen' (I'm using an old Dell Desktop PC as device). Accessing pfSense using the GUI and / or SSH ( Enable Secure Shell checked - Disable password login for Secure Shell (RSA/DSA key only - checked , means no password, but keys to login). The GUI is asking for login and password, as it does always. "password protect console screen" checked, or not. Good new : your setup (parameters) is causing this ;)

Ok good to know. It's been a year since I did the initial setup of this thing so my memory of the defaults is a little foggy. The naming of the CA led me to believe it was a default config. Anyway, thanks for the reply. You can close this topic now

Thanks Jim! I did a renew and it picked it up straight away! I am now running on the "prod" cert with my handy green padlock. Great work to the pfsense team!

I don't get it neither. Unplugged my WAP300N(sorry I write the wrong number previously) was one of the first thing I do. I reinstalle my pfsense from zero with a 2.2.6 version(I only have a 1GB CF card and the 2.3.x need a least 2GB for the nanobsd if i'm correct) I will try with a serial tu usb cable today and if I can have access this way I'll buy a bigger CF card. For the AP I already buy a new one (Unifi AP AC PRO). Thank you Gertjan for your time!

On an ordinary LAN, all the devices should have IP addresses in LANnet (the LAN subnet defined by the pfSense LAN IP/CIDR). In any case, the firewall is only going to receive and respond usefully to devices in LANnet. So packets in LANnet are all that needs to be passed. If you have a more complex setup for some reason, that has other private subnets reached via static routes to another router that is on LANnet, then pfSense LAN could receive packets with source addresses that are not in LANnet. So for that case you need a pass rule wider than just LANnet to let traffic through.

@chicago_cs: Posed thus, I can not remotely access the webGUI (HTTP) with the URL http://guard.mipagina.com A default pfSense, with one firewall rule on the WAN interface (redirecting anythhting, port 80 to the firewall ( == pfSense) itself, or A default pfSense, with one firewall rule on the WAN interface (redirecting anything, port 443 to the firewall ( == pfSense) itself and the GUI works from the entire planet. Of course, if there is another router in front of pfSense, more rules are needed concerning these other routers. But, such a situation actually never exists. The real solution is : Use (the build in) VPN. Btw : I have created a WAN rule that allows access from a Web Address to another Web Address (guard.dyndns.tv) on port 80. Can you detail that one ?? (do what others do : post a screen copy of your WAN rules). The "rule that allows access from a Web Address to another Web Address" seems scarry to me. Always : make everything work FIRST, starting from a 'default' system. (and then blow your install out of the water with package like squid or whatever … This way you know what to do to make it work again ;) )

I think both the plus/minus offset graph and stats and the absolute offset graph and stats are useful. The plus/minus offset average gives you an idea if the offset drifts around but averages close to zero. The absolute offset gives you an idea of how much off it is, regardless of plus/minus. So I added the absolute offset stat to the display. Redmine https://redmine.pfsense.org/issues/7548 PR https://github.com/pfsense/FreeBSD-ports/pull/354 [image: NTP-Graph01.png] [image: NTP-Graph01.png_thumb]

@phil.davis: I checked on 2.3.4-RELEASE and 2.4-BETA. In 2.3.4-RELEASE it always shows all the top menu items, even if they are empty. In 2.4-BETA empty ones do not show. So what you want is coming. Hi phil.davis, OH, I've seen the differences of 2 versions, thanks support for me.

Go to System->User Manager, edit the user that you are logged in as. See if the Custom Settings box is checked. If so, then that user has their own set of custom webGUI settings, which includes the theme. That user has a different theme selected from the default theme (which is selected in System->General Setup)

This quirk still exists in PFSense 2.3.4.

As said above, it has nothing to do with pfSense. The request is coming from your PC.

@NOYB: Is there a save button at the bottom of the page?  If so, after making changes, click it. Thanks NOYB.  Just upgraded all my 2.2 boxes and still not familiar with the 2.3.x interface.  I was having the same issue and missed the 'Save' button lighting up.