[SOLVED] No access to webGUI on fresh install
-
"not starting, likely needs MSVC redist, which fails to install too."
Sounds like your machine the problem if you ask me… Been using wireshark for YEARS... On hundreds of machines have never had an issue getting it to install..
"I was really using proxy "
Use a good machine, maybe boot a linux live CD or something ;)
-
"not starting, likely needs MSVC redist, which fails to install too."
Sounds like your machine the problem if you ask me… Been using wireshark for YEARS... On hundreds of machines have never had an issue getting it to install..
"I was really using proxy "
Use a good machine, maybe boot a linux live CD or something ;)
I actually managed to get wireshark packet capture from my linux machine, but now I don't get it. It looks to me like DHCP is actually doing its job (Discover>Offer>Request>ACK), but then something goes wrong… I keep investigating. Might be my PC, but both, and same on Windows? Too strange,
Attaching the capture... Here router was running, then shut down, then booted again. I commented these moments in file.
-
So you see 2 times where you see a discover, offer, request and ACK.. Which seems odd..
But even after your client has gotten a lease and arping for pfsense 192.168.1.1 tell .100, you see no arp response.. So yeah the client is not going to be able to talk to pfsense if he can not arp for the mac of 192.168.1.1
You need to figure out why pfsense is not answering the ARP.. Is pfsense seeing the ARP? Sniff on pfsense under diagnostic, packet capture..
Those arps that ask tell 0.0.0.0 are ODD… But there are arps where says to tell .100
edit: here I did a release and renew on my client, and then you see it arp and get a response for pfsense IP .253 in my setup.
-
So you see 2 times where you see a discover, offer, request and ACK.. Which seems odd..
But even after your client has gotten a lease and arping for pfsense 192.168.1.1 tell .100, you see no arp response.. So yeah the client is not going to be able to talk to pfsense if he can not arp for the mac of 192.168.1.1
You need to figure out why pfsense is not answering the ARP.. Is pfsense seeing the ARP? Sniff on pfsense under diagnostic, packet capture..
Those arps that ask tell 0.0.0.0 are ODD… But there are arps where says to tell .100
edit: here I did a release and renew on my client, and then you see it arp and get a response for pfsense IP .253 in my setup.
Yeah, I see…
Do that "tell 0.0.0.0" even have any meaning, I wonder...
"under diagnostic, packet capture.. " Funny)
I've had to format my usb to fat32 then use
$ mount_msdosfs /dev/da0s1 /mnt $ tcpdump -vv -i re1 >> /mnt/sniffAttaching… (haven't got a time to dig through yet. Renamed to .pcap so I can upload, but wireshark don't like it somehow)
-
that is not how you would write a tcpdump to a pcap file.. That is going to be nothing more tha a text file..
20:31:07.211227 IP6 (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:fff4:349 to_ex { }] 20:31:07.298230 IP (tos 0x0, ttl 64, id 45485, offset 0, flags [none], proto UDP (17), length 379) 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 4c:cc:6a:b7:ee:75 (oui Unknown), length 351, xid 0xc8ab475, Flags [none] (0x0000) Client-Ethernet-Address 4c:cc:6a:b7:ee:75 (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: Discover Client-ID Option 61, length 19: hardware-type 255, 6a:b7:ee:75:00:01:00:01:21:f4:6d:96:4c:cc:6a:b7:ee:75 SLP-NA Option 80, length 0"" MSZ Option 57, length 2: 1472 Vendor-Class Option 60, length 54: "dhcpcd-6.11.5:Linux-4.14.15-1-ARCH:x86_64:GenuineIntel" Hostname Option 12, length 2: "SU" T145 Option 145, length 1: 1 Parameter-Request Option 55, length 15: Subnet-Mask, Classless-Static-Route, Static-Route, Default-Gateway Domain-Name-Server, Hostname, Domain-Name, MTU BR, NTP, Lease-Time, Server-ID RN, RB, Option 119 20:31:07.298452 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.100 tell pfSense.localdomain, length 28 20:31:07.631455 IP (tos 0x0, ttl 64, id 29334, offset 0, flags [none], proto UDP (17), length 379) 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 4c:cc:6a:b7:ee:75 (oui Unknown), length 351, xid 0x7b4c61f0, Flags [none] (0x0000) Client-Ethernet-Address 4c:cc:6a:b7:ee:75 (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: Discover Client-ID Option 61, length 19: hardware-type 255, 6a:b7:ee:75:00:01:00:01:21:f4:6d:96:4c:cc:6a:b7:ee:75 SLP-NA Option 80, length 0"" MSZ Option 57, length 2: 1472 Vendor-Class Option 60, length 54: "dhcpcd-6.11.5:Linux-4.14.15-1-ARCH:x86_64:GenuineIntel" Hostname Option 12, length 2: "SU" T145 Option 145, length 1: 1 Parameter-Request Option 55, length 15: Subnet-Mask, Classless-Static-Route, Static-Route, Default-Gateway Domain-Name-Server, Hostname, Domain-Name, MTU BR, NTP, Lease-Time, Server-IDWhere did you sniff that.. Well pfsense is not answering the arp..
20:32:03.034667 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:04.049569 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:05.062824 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:08.051965 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:09.062594 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:10.075960 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:13.056866 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:14.075830 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:15.089126 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:18.061863 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:19.062338 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:20.075565 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:23.066783 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:24.075509 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:25.088866 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:28.409154 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:29.435329 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:30.448618 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46Are you doing any vlans are these packets tagged? You could use -e with tcpdump to see if tagged.
-
that is not how you would write a tcpdump to a pcap file.. That is going to be nothing more tha a text file..
20:31:07.211227 IP6 (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:fff4:349 to_ex { }] 20:31:07.298230 IP (tos 0x0, ttl 64, id 45485, offset 0, flags [none], proto UDP (17), length 379) 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 4c:cc:6a:b7:ee:75 (oui Unknown), length 351, xid 0xc8ab475, Flags [none] (0x0000) Client-Ethernet-Address 4c:cc:6a:b7:ee:75 (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: Discover Client-ID Option 61, length 19: hardware-type 255, 6a:b7:ee:75:00:01:00:01:21:f4:6d:96:4c:cc:6a:b7:ee:75 SLP-NA Option 80, length 0"" MSZ Option 57, length 2: 1472 Vendor-Class Option 60, length 54: "dhcpcd-6.11.5:Linux-4.14.15-1-ARCH:x86_64:GenuineIntel" Hostname Option 12, length 2: "SU" T145 Option 145, length 1: 1 Parameter-Request Option 55, length 15: Subnet-Mask, Classless-Static-Route, Static-Route, Default-Gateway Domain-Name-Server, Hostname, Domain-Name, MTU BR, NTP, Lease-Time, Server-ID RN, RB, Option 119 20:31:07.298452 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.100 tell pfSense.localdomain, length 28 20:31:07.631455 IP (tos 0x0, ttl 64, id 29334, offset 0, flags [none], proto UDP (17), length 379) 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 4c:cc:6a:b7:ee:75 (oui Unknown), length 351, xid 0x7b4c61f0, Flags [none] (0x0000) Client-Ethernet-Address 4c:cc:6a:b7:ee:75 (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: Discover Client-ID Option 61, length 19: hardware-type 255, 6a:b7:ee:75:00:01:00:01:21:f4:6d:96:4c:cc:6a:b7:ee:75 SLP-NA Option 80, length 0"" MSZ Option 57, length 2: 1472 Vendor-Class Option 60, length 54: "dhcpcd-6.11.5:Linux-4.14.15-1-ARCH:x86_64:GenuineIntel" Hostname Option 12, length 2: "SU" T145 Option 145, length 1: 1 Parameter-Request Option 55, length 15: Subnet-Mask, Classless-Static-Route, Static-Route, Default-Gateway Domain-Name-Server, Hostname, Domain-Name, MTU BR, NTP, Lease-Time, Server-IDWhere did you sniff that.. Well pfsense is not answering the arp..
20:32:03.034667 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:04.049569 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:05.062824 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:08.051965 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:09.062594 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:10.075960 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:13.056866 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:14.075830 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:15.089126 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:18.061863 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:19.062338 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:20.075565 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:23.066783 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:24.075509 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:25.088866 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:28.409154 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:29.435329 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
20:32:30.448618 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46Yeah, sure. I meant I just added ".pcap" so I can upload it here, forum limitation.
Well, I guess You are right… I sniffed on pfsense.
And...hm... Do you have any suggestions?
-
Are you tagging traffic.. Only reason I could think that would not answer would be if its tagged so it not going to answer or something.
What switch do you have between, is your pc directly connected to the interface? Can you post the output of ifconfig on pfsense.
-
Are you tagging traffic.. Only reason I could think that would not answer would be if its tagged so it not going to answer or something.
What switch do you have between, is your pc directly connected to the interface? Can you post the output of ifconfig on pfsense.
No, it's direct connection. I tried using switch too, no luck… There was one interesting effect before though, not sure if it's related, but when it was working (I used to have access to webGUI from LAN) - WAN was not working, not getting ip from ISP's DHCP, and I managed to "fix" this with switch. I thought it was related either with MDI/MDI-X autodetection feature (most likely) or just power(very unlikely). When I was connecting just directly to WAN there was no light at all. I guess this will be my second problem if I'll fix current, because I need that switch for some more reasonable use)
Here it goes: (LAN connected to PC directly, WAN disconnected)
re0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=8209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate>ether fc:aa:14:2f:18:cf hwaddr fc:aa:14:2f:18:cf inet6 fe80::feaa:14ff:fe2f:18cf%re0 prefixlen 64 scopeid 0x1 nd6 options=23 <performnud,accept_rtadv,auto_linklocal>media: Ethernet autoselect (none) status: no carrier re1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=8209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate>ether 4c:cc:6a:b7:ee:75 hwaddr 4c:cc:6a:b7:ee:75 inet6 fe80::4ecc:6aff:feb7:ee75%re1 prefixlen 64 scopeid 0x2 inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex,master>) status: active lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet 127.0.0.1 netmask 0xff000000 nd6 options=21 <performnud,auto_linklocal>groups: lo enc0: flags=0<> metric 0 mtu 1536 nd6 options=21 <performnud,auto_linklocal>groups: enc pflog0: flags=100 <promisc>metric 0 mtu 33160 groups: pflog pfsync0: flags=0<> metric 0 mtu 1500 groups: pfsync syncpeer: 224.0.0.240 maxupd: 128 defer: on syncok: 1</promisc></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></full-duplex,master></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate></up,broadcast,running,simplex,multicast></performnud,accept_rtadv,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate></up,broadcast,running,simplex,multicast> -
Just ditch the realteks. They are done.
-
Dude how does your machine have the same mac address as your pfsense lan interface?
Never going to work!!! Should of noticed that in the sniff first, look at your dhcp stuff its all from same mac to what looks like itself.
-
Dude how does your machine have the same mac address as your pfsense lan interface?
Never going to work!!! Should of noticed that in the sniff first, look at your dhcp stuff its all from same mac to what looks like itself.
Holy shell! Thank you!
It seems that it somehow persisted even after reinstall and I was changing it before to my router's, at least that's what I was thinking…
Well, need to find how to change it now) My current router is working like nightmare, loading pages for minutes, literally.
-
I had skimmed over your question for the arps tell 0.0.0.0 I mentioned which you have a lot of in that sniff.
Since no answers.. Client is resorting to asking anybody out there - hey router/switches do you know this IP… what is its mac??
So you did a mac spoof on pfsense, or you changed the mac on your machine? You could reverse your nics as quick fix.. So you put the mac on the other L2, this would allow you to get to your LAN and the web gui from your machine. And your ISP would most likely give you the IP your machine was getting before if connected to the modem, etc.
But yeah in the long term I would correct that.. Another quick fix if the original mac was lost - is just change it to something else that you don't have a duplicate of ;)
-
Yes, I changed mac on pfSense. Was thinking that my ISP might want it, because I was not getting to internet… but that's another question)
Hm, I don't know how to reverse them, lost that mac already. I guess anything but duplicate will be okay)
Changed it with
ifconfig re1 ether 00:23:ad:32:71:2b(made it up)
Is this proper way?And… dhcp seems working finally! But still can't access!
Will check further and post... disabled proxy already. -
…
Changed it withifconfig re1 ether 00:23:ad:32:71:2b(made it up)
As long as it isn't a duplicate of something that lives in the neighborhood.
-
Well I see arp back in that pcap, and see you send syn to 192.168.1.1 on that mac… But there is no answer. Do you have pfsense listening on 443 for the gui? Did you turn off the anti lockout rules?
Why would you not atleast use the correct vendor part of the mac? You have it setup for Xmark Corporation?
Your other nic shows fc:aa:14 which lists GIGA-BYTE TECHNOLOGY CO.,LTD
-
Well I see arp back in that pcap, and see you send syn to 192.168.1.1 on that mac… But there is no answer. Do you have pfsense listening on 443 for the gui? Did you turn off the anti lockout rules?
Why would you not atleast use the correct vendor part of the mac? You have it setup for Xmark Corporation?
Your other nic shows fc:aa:14 which lists GIGA-BYTE TECHNOLOGY CO.,LTD
I reverted it to http now just to try. Attaching sockstat & netstat. No, I didn't turn them off. They must be default. I Tried to explicitly turn off the firewall (forgot that exact command), no luck.
Should I care about that mac, like at all? I like how Xmark sounds) If only it all worked…
-
well from your sockstat your listening on 80.. So is it working on 80… Do you see mac in your arp on client... Do you get an arp reply back.. when you send syn to 80 do you get syn ack back?
Maybe that nic doesn't like other mac... Put it mac back, or get another nic.. You didn't mess with the wan nic right... Well then reverse them and see if you can get the gui..
But to restate Derelict comments.. Realtek nics do pretty much suck ;)
-
The MAC address on an interface in pfSense is set permanently in Interfaces > INTERFACE_NAME.
-
well from your sockstat your listening on 80.. So is it working on 80… Do you see mac in your arp on client... Do you get an arp reply back.. when you send syn to 80 do you get syn ack back?
Maybe that nic doesn't like other mac... Put it mac back, or get another nic.. You didn't mess with the wan nic right... Well then reverse them and see if you can get the gui..
But to restate Derelict comments.. Realtek nics do pretty much suck ;)
It was indeed that!
I've just changed to hardware mac and it finally works now!
Now I'm on my next problem, haha. And it looks very confusing…
But I'm getting to webGUI and even internet works... kind of.
Thank you very much!The MAC address on an interface in pfSense is set permanently in Interfaces > INTERFACE_NAME.
It was very useful advice when I was not able to get to webGUI, thanks.
-
….and even internet works... kind of.
Oh. Let me guess … the quad-8 problem ?
Anyway, glad things worked out.
