Web interface unresponsive

anomaly0617

Just some thoughts: In many cases the WebConfigurator Lockout Rules get in the way, especially for repeated inquiries to the firewall over the WAN interface.

So, are you trying to do this over the WAN interface or the LAN interface?

If LAN, do you have your WebConfigurator Anti-Lockout option UNchecked in System -> Advanced?
If LAN, can you access the console via the console itself, or via SSH?

If WAN, you might try this, which just fixed the issues for me:

The unresponsive web interface for the backup turned out to be the WebConfigurator Lockout rule getting in my way.
I found this by access the WebGUI on the LAN and going to Status -> System Logs -> Firewall.
I looked at the blocked log entry coming from my source IP to the firewall's destination IP.
I click on the Red Block symbol on the left, and it tells you what rule blocked it (@12: WebConfigurator Lockout Rule, in my case).

To solve the issue, I removed all of my allow rules from the NAT and Rules tables allowing my external IP in to this firewall, and then I rebooted the firewall under Diagnostics -> Reboot -> Yes.

Once the firewall rebooted, I went into the rules table, created a new rule:
Protocol: TCP
Source: {MyExternalSourceIP} (I used an alias)
SourcePort: Any
Destination: WAN Address
DestinationPort: {MyAdminPort}
Gateway: Any
Queue: None
Schedule: None

And voila, I can access the firewall Admin port again from my remote office.

Good luck, and I hope this helps!

lutech

@anomaly0617 Using LAN interface,  Disable webConfigurator anti-lockout rule UNchecked. Not the same problem as you I think. This is more of a UI bug that slows the UI down. If I wait for 1-2 minutes I get a response back. Next request can be fast, and then wait antoher minute for the next. No understandable pattern. Load on the server i LOW.

linco

Same problem with amd64 version on amd opteron server with 6 intel network cards igb. With 32 bit version of pfsense - no problems. What kind of network driver you have? (em, igb?). I think its network driver problem for 8.1 freebsd 64+igb.

computermad

see if u hv incorrect settings on the ldap auth.
I got mine fixed after removing the inactive ldap server entries from the user auth. setting.

oduesp

Same thing here on 2.0.1-RELEASE-pfSense (amd64) on Dell R610 with:
4 Intel and 4 Broadcom NIC (on 2 X E5620 and 8GB RAM). When the GUI became unresponsive, the SSH daemon answer and the connection gets stuck after entering the password or immediately logs me out.
Very frustrating as it happens randomly in a time frame between 5mn to 20mn and I'm trying to create a huge amount of rules for router/firewall migration

Edit: putting the nic in promiscuous mode dont help

Edit2: The recover time is also random (2mn to TimeOut)

Edit3: nothing is suspect in the logs, at least those in /var/log

fiftyheight

hi
We've got the same here, with 2.0.1 amd64 / intel gigabit + intel quad port gigabit nics (all em driver)
In the cases, all services seems OK but webinterface no

The jimp's workaround work, but it's a quite frustrating issue

tozdemirel

Hi,

I had the same problem with 4 bce and 2 em interfaces on HP DL380 G7 server. I also had boot messages about em interfaces like;

em0 Could not setup receive structures

I fixed that issue after some workaround.

With my installation /boot/loader.conf file comes with that line;

kern.ipc.nmbclusters="0"

I replaced that 0 with 655356 and issue solved…

You can get more information about that parameter and use proper value for your system.

StitchTech

I have the same issue and I can't make changes using the GUI because it's so unresponsive. I generally get a login prompt after a long wait when trying to connect but when I put in my username and password it usually comes back with a 503 - Service Not Available error. I'm a Linux newbie (but a CCNA so I know my way around a network) so I don't have a clue how to make the changes recommended in this thread by editing the config files. Any help would be greatly appreciated. I'm running a Dell T110 server with 500GB disk drive. I have three LANs along with the WAN all using the Dell bce ports on the two installed NIC cards.

Bittone66

Hello people,
same problem here: 2.0.2, AMD 64 on a Della 2950 server 1 Opteron dual core CPU, 8 GB ram, 2 broadcom + 4 intel Eth Adapter.
I'm running Squid a revrse proxy, multiple OPENVPN tunnels, FreeRADIUS 2, IPSEC VPN as server.
Bye

A.T.

CDuv

@computermad:

see if u hv incorrect settings on the ldap auth.
I got mine fixed after removing the inactive ldap server entries from the user auth. setting.

Also happens when there is DNS resolving issues with the LDAP(s) server(s) FQDN :

Sep 12 14:27:39 pfsense php: /status_services.php: ERROR! ldap_get_groups() could not bind to server MyCompany. : Can't contact LDAP server

One advice is to set an IP address in "Authentication Servers" config page (or to have complete faith into it's DNS server to respond).

jimp

@CDuv:

One advice is to set an IP address in "Authentication Servers" config page (or to have complete faith into it's DNS server to respond).

That would work with plain LDAP, but with LDAP+SSL, a hostname is required (and it must match the hostname of the LDAP server's certificate CN also)

turbo

Thought I bring this old post up as it happens still with 2.2.5 i386. After initial start the system runs just fine for weeks/a few month. Traffic is still going as supposed. Happened a lot lately and I fixed every time with a "cold start". Now I know a smoother way.

I was used to have the system running without a keyboard. Wanted to edit some rules and no response. Searched and found this thread. Attached a keyboard, and entered from jimp mentioned commands into the shell.

killall -9 php
killall -9 lighttpd
/etc/rc.restart_webgui

or just enter Option 11 (Restart webconfigurator)

Problem solved.  :D
Guess have to keep the keyboard attached now.  :(

hollister

Still seems an issue with 2.3.2-RELEASE (amd64)
built on Tue Jul 19 12:44:43 CDT 2016
FreeBSD 10.3-RELEASE-p3
Webgui not really responsive, I can wait up to 1min just to get the login screen and then things work.
Hardware APU or AMD G-T40E Processor

alexjensen

I'm not sure if this is related to your issue but I was having trouble with php-fpm / web console crashes a few weeks back while running on 2.3.2, I also read somewhere that people on 2.3.1 were having similar problems.

If you're using them, try removing the IPSec and/or OpenVPN widgets from the web console home page.

I don't know which widget was causing the problem for me but I haven't had any issues for almost 3 weeks now, previously was having an incident (web console crashing and dial in OpenVPN connections breaking and 1 incident of IPSec VPN becoming unresponsive) weekly.

hollister

I only have the following widgets:
System Information, Interfaces, Services Status, NTP Status, Installed packages, Thermal Sensors
For now I removed Installed packages
will see if there is any improvment on the next logon

tonymorella

@hollister:

I only have the following widgets:
System Information, Interfaces, Services Status, NTP Status, Installed packages, Thermal Sensors
For now I removed Installed packages
will see if there is any improvment on the next logon

If you are using a PC engines board disable hardware TCP Seg and large receive offloading and see if this helps. I noticed a huge difference.

MatthewH

This morning the web GUI wouldn't load. I'm running 2.3.2. Tried it in IE & Chrome on 2 computers in different subnets with same result. Tried using IP address & FQDN, same result. I got a warning about an invalid https certificate, which I shouldn't & don't usually get, and when I told the browser to proceed anyway it just sat trying to load. There were no messages on the console since when I successfully logged in yesterday.

Console options 16, then 11 fixed it.