Not able to access webgui after changing https port

mathias · Nov 25, 2009, 7:49 PM

Hi,

I was reading the PfSense book and deciding to follow the advice on changing webgui port. I changed to webgui https port to 5501 and the system came op with the message "redirecting in 10 seconds…" but nothing happend.

Afterwards I wasn't able to connect to the webgui, and I tried a reboot, but still nothing. When i type in https://192.168.1.1:5501 it immidely shows me the standard FireFox connection error:

The connection was reset

The connection to the server was reset while the page was loading.

* The site could be temporarily unavailable or too busy. Try again in a few
moments.

* If you are unable to load any pages, check your computer's network
connection.

* If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.

I tried all sorts of combinations also the ones mentioned in the book (https://192.168.1.1:80 http://192.168.1.1:443) but without any luck. Anyone been through the same problem?

It's kind of embarrassing but my usual pc used to connect to the Soekris through serial modem isn't working and I haven't enabled ssh in the webgui :'(

mathias · Nov 25, 2009, 7:51 PM

I forgot to mention that when I try accessing the webgui with this URL:

http://192.168.1.1:5501

I get this message:

SSH-2.0-OpenSSH_5.1p1 Debian-5

Not sure if its any help…

mathias · Nov 25, 2009, 9:08 PM

Well it seems that I was a bit lucky. I found a old computer with a serial port, I was able to connect and select option number 2, so that I could reset the LAN interface, i selected the new ip address (192.168.1.1) and the new subnet (24) and then selected yes to run a dhcp server on the interface and run webgui on the http protocol. After a restart of the PfSense and the client iam stille not able to connect, now iam getting a timeout on http://192.168.1.1, are there any workarounds I may be able to use? Have have enabled ssh login now.

mathias · Nov 25, 2009, 9:18 PM

A little more research showed that the webgui apparently still are listening on port 5501?

netstat -an

Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 xxx.80 xxx.2236 ESTABLISHED
tcp4 0 0 192.168.1.1.22 192.168.1.200.43280 ESTABLISHED
tcp4 0 0 192.168.1.1.22 192.168.1.200.43279 FIN_WAIT_2
tcp4 0 0 *.8000 . LISTEN
tcp6 0 0 *.53 . LISTEN
tcp4 0 0 *.53 . LISTEN
tcp4 0 0 *.5501 . LISTEN
tcp4 0 0 127.0.0.1.8023 . LISTEN
tcp4 0 0 127.0.0.1.8022 . LISTEN
tcp4 0 0 127.0.0.1.8021 . LISTEN
tcp4 0 0 127.0.0.1.19014 . LISTEN
tcp4 0 0 127.0.0.1.19013 . LISTEN
tcp4 0 0 127.0.0.1.19012 . LISTEN
tcp4 0 0 127.0.0.1.19011 . LISTEN
tcp4 0 0 127.0.0.1.19010 . LISTEN
tcp4 0 0 127.0.0.1.19009 . LISTEN
tcp4 0 0 127.0.0.1.19008 . LISTEN
tcp4 0 0 127.0.0.1.19007 . LISTEN
tcp4 0 0 127.0.0.1.19006 . LISTEN
tcp4 0 0 127.0.0.1.19005 . LISTEN
tcp4 0 0 127.0.0.1.19004 . LISTEN
tcp4 0 0 127.0.0.1.19003 . LISTEN
tcp4 0 0 127.0.0.1.19002 . LISTEN
tcp4 0 0 127.0.0.1.19001 . LISTEN
tcp4 0 0 127.0.0.1.19000 . LISTEN
tcp4 0 0 *.22 . LISTEN
tcp6 0 0 *.22 . LISTEN
udp4 0 0 *.67 .
udp6 0 0 *.53 .
udp4 0 0 *.53 .
udp4 0 0 xxx.6884 xxx.123
udp4 0 0 xxx.19489 xxx.123
udp4 0 0 xxx.45722 xxx.123
icm4 0 0 . .

mathias · Nov 25, 2009, 10:14 PM

I think I found the problem after looking at the /conf/config.xml file, my webgui section look like this:

<webgui><protocol>https</protocol>
<port>5501</port>
<certificate><private-key></private-key></certificate></webgui>

This is when I have enabled https and changed the port to 5501, I think it looks wrong since there is no certificate and maybe thats why it's not working.

I works if I modify the section into this:

Obviously my webgui now dosen't allow connections on the https protocol but it works with http, still not sure if I have made something wrong or discovered a bug…

Velociraptor · Jan 6, 2010, 12:07 AM

did you allow access to that port =?
are you sure that the firewall isn't blocking the traffic?
look at /var/log/filter.log

and did you generate the ssl certificate?

nozyczek · Feb 4, 2010, 12:01 AM

I have similar problem but I wasn't changing the port. I was changing SSL certificat and now I can't access webgui. I have SSH enable so I checked lighttpd but it doesn't look like it is running:

[root@pfsense.local]/root(5): sockstat | grep lighttpd
[1.2.3-RELEASE]

/var/log/lighttpd.log has million ^@^@^@^@^@^@^@^@^@^@^@^@^@^
and I don't see anything usual is system.log … except those ^@^@^@^@^ at the end. Is it normal?

I'm running nanoBSD 1.2.3 on ALIX embedded.
I did reboot but still no go
Any suggestions?
Thanks
nozyczek

nozyczek · Feb 4, 2010, 12:17 AM

OK, I found sicky at http://forum.pfsense.org/index.php/topic,3079.0.html and it helped. I don't know to apply SSL to make it work. And if someone could please explain those @@@@ in my logs? Is it normal?
Thanks

Velociraptor · Feb 6, 2010, 9:39 AM

i have it too so i guess its ok:)

jimp · Feb 6, 2010, 5:03 PM

The bits in the log are explained here:

http://doc.pfsense.org/index.php/Why_can%27t_I_view_view_log_files_with_cat/grep/etc%3F_%28clog%29

nozyczek · Feb 6, 2010, 8:07 PM

Jimp,
I had no idea that something like clog existed. At first I thought that my CF was corrupted. Thanks for point to that link.