anyone with an answer please?

Yeah I was aware of that one. I just wanted a quick reference.  Thanks anyway!

First off, changes you make via are saved and will persist through a reboot. It would be kind of silly to do otherwise.  Edits via shell are likely to be overwritten by the GUI, depending on the package and config.

Is this a brand new installation of pfSense?  Your problems appear to be deeper than Squid and SquidGuard.

Hi !

If have about 40 users in my User manager, an "admin" with at least "WebCfg - All pages" Privileges, and normal "PortalUsers" group users with "User - Services - Captive portal login" Privileges.

When I declare a new group calls 'password', with this Privilege "WebCfg - System: User Password Manager page" and I make an user member of this group, the I'm capable of login in to the GUI and the only thing that's possible is: having the user changing its password ….

So, it works for me.
I can change the password for this user, when I login - its actually the only thing I can do with this user, and logout.

Are you using the last version, 2.1.4-RELEASE (xx)  ?

Put a ; character whenever you want a line break. It should be described that way under the custom options boxes.

Here is the start of a powershell script to log in, anyone have any suggestions on getting it to actually work?

#Firewall Hostname $fwhost = "https://firewall.org.org" #Firewall Login Name $fwlogin = "admin" #Password $fwpw = "tacos" $curlout = [string](.\curl\curl.exe -k -s -c cookies.txt $fwhost) $curlout -match "(sid:.{106})" $curlcmd = ".\curl\curl.exe -k -s -b cookies.txt -d login=Login&usernamefld=${fwlogin}&passwordfld=${fwpw}&__csrf_magic=$($matches[0]) ${fwhost}/services_wol.php" echo $curlcmd $curlout = [string](.\curl\curl.exe -k -s -i -b cookies.txt -d "login=Login&usernamefld=${fwlogin}&passwordfld=${fwpw}&__csrf_magic=$($matches[0])" ${fwhost}/services_wol.php) echo $curlout

Hello,

I managed to get to the colo recently and tested on the same lan: I was able to remain logged in to both tabs, so it appears to be something with ssh port forwarding.  I will dig into it some more and get back to you.

BTW: I have not done anything about the potential bad webgui ssl certificates…

--jason

@jimp,

Apologies for delay - thought I had notify turned on…

Cache is cleared.

This appears on the dashboard traffic graph widget.  It will also appear on Stauts - Traffic Graph but not initially (i.e., the graph will work fine for a period of time).  This does NOT happen on the dashboard as it has not been functional at all since the upgrade.

Hope that helps.

Using Chrome-Dev FWIW...

Move the GUI to another port.

You can't selectively bind the pfSense GUI to specific IPs (yet).

It depends on what rule is blocking. Click the red 'x' and see what it says. There are options to stop logging of certain default rules under Status > System Logs on the Settings tab.

Or, for example, if it's from the block private networks rule on the WAN, you can add your own block rule without logging set, and then disable the block private networks option on Interfaces > WAN.

No, didn't help.

What helped, was rebooting the pfSense.

Strange solution.

Please don't call 128-bit encryption capable browsers old, that's very far from the truth. I can not even think of a cipher that uses 128-bit keys for the symmectric encryption and is required by SSL/TLS that is now considered unsecure.