There is a "deny config write" permission but I believe the restore process ignores that because it doesn't actually write the config in the traditional way. If that already doesn't work, then someone could probably add a few lines of code to the backup/restore page to deny restore if they have that permission bit set.

I just had the same problem with IE, menus disappeared, traffic graphs stopped working, dashboard -> system info -> version was stuck on 'Obtaining update status …' and cpu usage was stuck on '(Updating in 10 seconds)'.  In the meantime everything was working fine in Chrome.  It turns out I had accidentally toggled compatibility view in IE, toggled it back and everything started working again.  Not sure how well known this is, I'm fairly new to pfsense.

Have you tried this patch? http://forum.pfsense.org/index.php/topic,62410.msg364638.html#msg364638

It depends. For minor/beneficial bug fixes such as this, probably in 2.1.1 and later. For more intrusive fixes, 2.2.

It has to be able to do a reverse-looup of the IP address to hostname. For hosts with DHCP leases, you can select for them to be registered in the DNS Forwarder - "Register DHCP leases in DNS forwarder" and "Register DHCP static mappings in DNS forwarder". For other hosts (like servers on the LAN that have a static IP), if their name-to-address and address-to-name are stored in a DSN server somewhere then; Add a domain override to send the reverse-lookup requests to  that DNS server, like rows 3 and 4 in the attached screenshot. (rows 1 and 2 are sending real domains like abc.mydomain.com and xyz.abc.mydomain.com) For other unknown IPs, you can add a Host Overrides entry specifying the name and IP. Then the DNS Forwarder can do both forward and reverse lookup on that data. [image: DomainOverrides.png] [image: DomainOverrides.png_thumb]

for good software quality

It's not problem but I'm having the same bug with server status widget on some servers (2.0.2 and 2.1) . I get multiple similar widget windows and I don't use widescreen.

Yeah we didn't really have a more suitable icon available at the time I made it, but we could probably have our web guy make one up now. The problem is I can't think of any image that is appropriate for that action either. An up arrow isn't any more specific than the +… I put the shortcut bar in to save time/clicks. It's more useful for flipping between status, logs, and the config than from the config to the main config page.

Hmmm.  Well - Thats a new one on me.

Click the logo (top left) - that should also go to the dashboard. It may be your browser, too, IE has been known to do silly things like that.

And then there is the minor issue of DNS Rebind Check…  I'll wait for it to crop up.

What ptt said above. You cannot meaningfully test WAN from LAN. (Best case, it will get NAT-reflected back to LAN.)

Good stuff - I'm glad its working.

This is happening to me right now.  Internet is down (No IP on the WAN - Me and half the North East coast apparently) and so I bounced the pfsense box, not knowing that everything connected to FIOS for surrounding 4 states was offline, and it reboots just fine but no webconfigurator.  Verified the time in bios and that was fine.  Could it be possible pfsense was unable to read time from the onboard clock properly? Anyway - very strange.  I suspect its a problem that will correct its self when internet outage is over.  I'm going to try revert to http and see if that has any effect. (Reverting to webconfigurator had no effect at all.) Changing this to HTTP was a really bad idea.  Accomplished nothing.  Created work for myself. Easy work around was to throw a DD-WRT router in front of pfsense and then boot it so that it could grab an IP via DHCP from that router.  Even though there was no internet connectivity, this fixed the webconfigurator starting issue.  Once the normal internet returned, this problem disappeared.

Some of this won't make a difference, but won't hurt and might help. This has nothing to do with it, but generally UDP is better than TCP for openvpn. Try "Force all traffic generated through the tunnel" compress tunnel packets Set TOS IP header value of tunnel packets to match the encapsulated packets Provide a default domain name to clients.  Call it something like openvpndom1 Provide NTP Server list to clients - You can get some IPs for them on the web from NTP.ORG I assume the interface pfsense GUI falls within 10.100.0.0/16? Now - I see you have "WAN1" listed as interface.  This means you have multiple WANS? If so, you might need manual outbound NAT and set outbound routing by interface. If you have packets coming in on 1 interface and trying to leave on another, that would break things. (I'm actually a little in the dark on that because it seems hit and miss.  There is one pfsense running that I admin from time to time with 5 IPs, 5 WANs and no manual outbound NAT and it works just fine with openvpn.  Maybe because it only has 1 gateway?)

Why not just use the cert manager to either create a cert/key or import one from some other CA you run or use. Then when you set your webgui to use https you can pick what cert you want to use from the dropdown list. [image: certwebgui.png] [image: certwebgui.png_thumb]

Cheers, Jimp! Thank's for the info!

Not sure the command, but if you want to break it again, you should be able to just check the same button again in the web gui? (Yeah - I like everything there EXCEPT the mango with shrimp paste)