Bunch of weird things happening here
-
Hello,
I've been using my PfSense box (custom hardware with 8 threads and 16 GB of Ram) for a while with PfSense 2.5.2 vanilla (no patches and no packages), I spotted these things:
-
The auto rollback function seems working, the process exits and I also rebooted the machine to be sure, but I can't login anymore even if I rolled back prior the firewall changes. The result is that I can't connect anymore to the box with the WebGUI... The connection suddenly dropped, I think it's the firewall but I strongly don't think it's related to my lack of knowledge or my mistake, I made a rollback before that change and it didn't fix anything, it broke it :D ... I also checked my laptop config to be sure, IP and Gateway were correct... I had to make the whole firewall config reset and start from scratch... At least a re-deployment is not needed.
-
The firewall is slow time to time to make simple changes, like to enable an interface, or modify an existing interface IP, sometimes it takes 1 second or 20 seconds... This wide range of time doesn't make sense, plus the HW that I have is overkill...
-
Whenever you make an IPV4 change on the interface, automatically it re-enables the DHCP server, this should not happen, at leats as my preference.
-
Same for the router advertisement...
-
Tonight I've not been using PfSense in UPLINK, I mean, it was only turned ON. Today I logged in and it took 1 minutes to open the WebGUI... This is not the first time it happens, and the machine was not in stand-by. I also don't have weird power management settings in the BIOS... Any known issue?
-
With direct access to the machine, when you list the previous config snapshots you don't get the whole list, or at least you can't scroll the tty buffer, do you know how I can do it?
I stil didn't enable the SSH connection, maybe that is the simples workaround... -
My lack of knowledge in networking should not be having nothing to do with the issues mentioned above. In the recent threads you may have noticed struggles to make even a simple setup, but with the above issues I can't be blamed :D
-
-
It might be a long shot, but have you checked the hard drive? I've seen where a failing hard drive can slow a system down to a crawl and make it barely useable.
-
Hmm, that is weird. I suspect you have something else going on making it appear like some of those things are happening. Do you see that across multiple browsers? Multiple client hosts?
-
There is no auto-rollback function. It will only try to load an older config file if the current config file cannot be loaded. Like if the file is damaged.
-
None of those things should take more than a few seconds on fast hardware. If you have ACB loaded, and it's an older version, that can add to the time it takes for a config change.
-
That should not happen. The only way I could imagine it is if you changed from a dynamic to a static IP type and that allowed the DHCP server to run. However the gui will not allow you set a dynamic type until the DHCP server is disabled.
Steve
-
-
J JT40 referenced this topic on
-
When I can edit the post, I'll add also this:
- Configured the interface with HTTP from the backend, now it doesn't ask me anymore to set it up with HTTPS... So it remains in HTTP, this is definitely a bug.
-
@jsmorada said in Bunch of weird things happening here:
It might be a long shot, but have you checked the hard drive? I've seen where a failing hard drive can slow a system down to a crawl and make it barely useable.
Thanks, I didn't test the speed, but the SMART utility says is all good.
I think I'll test it with dd in the backend.@stephenw10 said in Bunch of weird things happening here:
Hmm, that is weird. I suspect you have something else going on making it appear like some of those things are happening. Do you see that across multiple browsers? Multiple client hosts?
- There is no auto-rollback function. It will only try to load an older config file if the current config file cannot be loaded. Like if the file is damaged.
With auto-roll back function I meant the auto snapshot created at each change.
- None of those things should take more than a few seconds on fast hardware. If you have ACB loaded, and it's an older version, that can add to the time it takes for a config change.
It may make sense, but with 8 threads is a bit shocking, I have an i5-8250U.
- That should not happen. The only way I could imagine it is if you changed from a dynamic to a static IP type and that allowed the DHCP server to run. However the gui will not allow you set a dynamic type until the DHCP server is disabled.
I never used Dynamic IP, but as I mentioned, in the UI, when you make an interface change, it automatically enables DHCP...
In any case, I did a test and enabled DHCP on one interface, I received the IP but I can't connect to it :D -
@jt40 said in Bunch of weird things happening here:
- Configured the interface with HTTP from the backend, now it doesn't ask me anymore to set it up with HTTPS... So it remains in HTTP, this is definitely a bug.
I'm not sure what you mean here. If you configured the webgui to use http then that's what it will do. It won't ask you to switch back to https. But you can switch back by just setting it in Sys > Adv > Admin Access.
Steve
-
@stephenw10 said in Bunch of weird things happening here:
@jt40 said in Bunch of weird things happening here:
- Configured the interface with HTTP from the backend, now it doesn't ask me anymore to set it up with HTTPS... So it remains in HTTP, this is definitely a bug.
I'm not sure what you mean here. If you configured the webgui to use http then that's what it will do. It won't ask you to switch back to https. But you can switch back by just setting it in Sys > Adv > Admin Access.
Steve
I mean, if I try to configure the same interface again, it doesn't ask anymore if you want to use HTTP or HTTPS, so I can't change it...
Protocol aside, I'm out of the WebGUI and not able to restore anything... Trying to figure out if it's my laptop, but it doesn't seem so...
More info on this thread: https://forum.netgate.com/topic/168282/how-to-set-the-same-vlans-between-the-switch-and-pfsense/74 , but probably I got the solution in the end, I need to test it... -
Hmm, I don't think I've ever tried to do that! You're right it doesn't ask if you want to enable https after setting the interface IP. I wouldn't call that a bug though, an oversight maybe but that's the intended operation. You can always set it in the config file if you really need to enable it before you have access to the webgui.
You can open a feature request: https://redmine.pfsense.org/Steve
