webGUI not responding, errors in console menu, networking functioning

  • I am running pfSense on SG-1100 for some years now. My installation is running stable for more than a year now. Until now: I cannot access webGUI anymore, when I start the console through SSH it reports all kinds of errors. But networking and internet are still standing. What changed is that I switched VPN provider: as per the end of November, I am now using AirVPN for VPN, and I ditched ProtonVPN. When I did some searches for the problems I am experiencing, on this forum amongst others, I found that it most likely has something to do with certificates. Due to a certificate the webGUI cannot load. Although I have some trouble in understanding why that would happen, it could even be true: because I have added a CA and a certificate in order for AirVPN to work.

    These are some of the errors I see in console.

    1/ directly under the list of interfaces, I see: "ofwdump: could not open /dev/openfirm: Permission denied"

    2/ choosing option 5 to reboot or option 6 to halt, I get:
    "Stopping /usr/local/etc/rc.d/pfb_dnsbl.sh...done.
    /bin/sh: cannot create /tmp/bootup_messages: Permission denied
    Stopping /usr/local/etc/rc.d/pfb_filter.sh...done.
    /bin/sh: cannot create /tmp/bootup_messages: Permission denied
    Stopping /usr/local/etc/rc.d/radiusd.sh...done.
    /bin/sh: cannot create /tmp/bootup_messages: Permission denied"

    3/ choosing option 9 pftop, I get: "pftop: open("/dev/pf"): Permission denied"

    The only way out is to power cycle. But this has a risk of corrupting the device, and seems to only work once. So far, I managed this without corrupting the device by unplugging all cables, waiting one minute, and keeping my fingers crossed. I do have an pfSense image ready, and a recent backup.

    What could be causing this? Is it the certificate indeed, and how can I know for sure? What could be a solution?

  • Managed to solve it. Here's what I did:

    1. Unplug all LAN cables from the SG-1100 device
    2. Wait 5 minutes to minimize the chance that something is writing to disk at the moment that I cycle power
    3. Unplug power, wait 60 seconds
    4. Plug power
    5. Wait until the device booted
    6. Then I could login again

    I went to the freshly added certificates that most likely were the offending ones rendering the webgui unresponsive. I observed that the certificate data in pfSense config did not have a last line feed after the last line (the one that reads '-----END CERTIFICATE-----') whereas, normally, all certificate files have that line feed after you download them. So I added a line feed after the last '----', and saved. I repeated this for all new certificates. Until now, the problem has not emerged anymore.

  • The above mentioned work-around only worked for a short while. When searching the internet for solutions to this I came across a post that mentioned this same problem and offered a solution (or maybe still a work-around).

    According to that post, one must connect through ssh, enter shell (option 8), type viconfig, find the section called webgui, and in that section, change protocol to http, then exit and save.

    Immediately after doing this I was able to connect to the web configurator again. And, quite surprisingly after changing this setting, it connects through https.

    Here's the link to the original post I found.

    PS, for people without "vi" experience, some hints to establish this once you opened viconfig:

    • to find webgui, press "/" then type "webgui", hit enter, hit enter again until you find "webgui"
    • to remove the s in https, place the cursor on the "s", hit the "x" key on your keyboard
    • to save, type ":", then type "wq" and hit enter

  • Thanks @Gertjan, for sharing that. The file system appears to be dirty, but since my kids are on the network now I really cannot reboot into single mode.... On my to do list for the weekend.

    BTW Today I experienced the same problem again (hence my returning to this post and reading Gertjan's comment). I rebooted the SG-1100 and restarted the webgui through console. None worked, the webgui remained unavailable.

    When I tried to re-apply this trick I found that the webgui setting was already set to 'http'. So I set it to 'https' : after this the webgui finally started working again! It seems that flipping this setting from https to http and back is a trick to force webgui back in business. A bug?