The command is not working it says "Not Permitted"

At the risk of spamming this thread, I'll post another few tidbits I'm seeing.

The RRD graph for this particular site-to-site openvpn server instance is displaying zero users, even when the status page is displaying all the client info and appears to be working (although it shows the wrong virtual IP address).

To clarify the "wrong virtual IP address" issue:
The "virtual IP" shown in the client status is the IP address of pfsense's tunnel endpoint, not the client endpoint.  That's wrong.  I tried reducing the VPN subnet for this particular server to a /30 so that there would be only 2 host IP's available, but that didn't change it (and was a pretty weak attempt at a fix, anyway).

Willing to do more troubleshooting here, if anyone desires.

Hi,

Yes, don't worry, we've seen them all.

You could try "System => Advanced=> Mitigate the BEAST SSL Attack" - but, honestly, I not for sure if it is even related.

It's a known bug, with one major side effect: it leaves traces in the web server log ….

Just in case someone else should stumble across this issue. I was able to get back in via HTTPS by:

Connecting via SSH and resetting the LAN IP (to what it was), and enabling HTTP when prompted. I then deleted the "webconfigurator default" cert, created a new CA and a new cert and switched the system back to HTTPs and all seems well.

It does so in IE as well. Havent tested chrome…

Hi,

Diagnostics => factory default
Or the long way (15 minutes ?) : re-install.

Note: editing directly the /cf/conf/config.xml always gives 'special effects' if the 'no errors' rule isn't respected ;)

No, I still couldn't click the X on the states but the reboot cleared out the entry giving me grief anyway.  :-\

Have you checked the interface? I have one box always picking the wrong interface for one RRD graph, but iirc it was the quality chart on a PPPoE connection…

Hi,

System => User manager => Settings
and you can set the session time (default 4 hours).

It sounds like he made the opt2 interface, but didn't right rules that would allow him to access it as it wouldn't be affected by the anti-lockout rule LAN has.

anyone with an answer please?

Yeah I was aware of that one. I just wanted a quick reference.  Thanks anyway!

First off, changes you make via are saved and will persist through a reboot. It would be kind of silly to do otherwise.  Edits via shell are likely to be overwritten by the GUI, depending on the package and config.

Is this a brand new installation of pfSense?  Your problems appear to be deeper than Squid and SquidGuard.

Hi !

If have about 40 users in my User manager, an "admin" with at least "WebCfg - All pages" Privileges, and normal "PortalUsers" group users with "User - Services - Captive portal login" Privileges.

When I declare a new group calls 'password', with this Privilege "WebCfg - System: User Password Manager page" and I make an user member of this group, the I'm capable of login in to the GUI and the only thing that's possible is: having the user changing its password ….

So, it works for me.
I can change the password for this user, when I login - its actually the only thing I can do with this user, and logout.

Are you using the last version, 2.1.4-RELEASE (xx)  ?